Health accessory maker iHealthLabs has suffered from a data breach, CEO Yi Liu said in an email to customers this evening. In the email, Liu explains that a security researcher was able to decrypt encrypted email addresses of users, but that iHealthLabs was able to correct the software error within 24 hours of confirmation…
The email says that between January 5th and February 7th, a security researcher with the Office of the Privacy Commissioner of Canada was able to decrypt “some users’ encrypted email addresses.” The security hole was seemingly open for over a month, with iHealthLabs verifying the problem on February 13th, 2018 and correcting it within 24 hours.
iHealthLabs has subsequently been in contact with the security researcher, who says he deleted the decrypted email addresses. However, the company says it is “conducting a review of our software and will notify you if there are any significant developments.”
Ultimately, iHealthLabs does not believe that any health information was included in the breach:
iHealthLabs makes a range of health products, including some that integrate with Apple’s HealthKit platform.
Thanks, Tim!
