Jawbone's MyTalk service, which lets users update and personalize their speakers and headsets, has been hacked. A number of users were informed this morning that their names, email addresses, and encrypted passwords have been compromised — it's not clear what method was used to encrypt the passwords. The company says that it hasn't detected anyone using the stolen details to login to accounts, and has disabled the passwords of any user it believes to be affected. Not all MyTalk users are affected. For example, the account of a Verge editor was not reset.
Another day, another hack. Jawbone credentials wiped. twitter.com/davezatz/statu…— Dave Zatz (@davezatz) February 13, 2013
It's been a tough couple of years for Jawbone. The company's first foray into fitness trackers, the Up band, was marred by reports of widespread hardware failure, and with concerns about the general privacy of fitness data, this hack won't help the company's reputation. MyTALK is a big part of Jawbone's setup — all updates and online services go through it, so it's safe to say that a large portion of the company's users are signed up. Jawbone hasn't commented on the hack yet, but we've reached out and will update you once we hear back.
Update: Jawbone has issued the following statement to The Verge confirming the attack:
Jawbone recently learned that login information for a limited number of Jawbone MyTALK accounts was compromised by an isolated attack on our system. The attack was identified within hours, and we blocked the attack and reset passwords of all compromised accounts. Based on our investigation to date, we do not believe there has been any unauthorized access to information in compromised accounts using login credentials.
We'll email you a reset link.
If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.
Choose an available username to complete sign up.
In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.