Jawbone, makers of Bluetooth headsets, fitness bracelets, and neat Jambox portable speakers, has warned that hackers managed to break into its systems, and accessed the names, email addresses and encrypted passwords of users.
In an email sent to affected users, Jawbone explained that the hack affected an unspecified number of customers who had registered a MyTALK account (used to customise devices and receive firmware updates). [Screenshot]
Jawbone said it had disabled the MyTALK passwords of affected customers, and was keen to emphasise that it did not have any evidence that the hackers had abused the stolen information:
"..we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account."
What remains a mystery, however, is how many Jawbone customers were impacted and just how Jawbone stored the encrypted passwords. For instance, there's no indication that the hashed passwords were salted to introduce a random factor that would make them significantly harder to crack.
Continued : http://nakedsecurity.sophos.com/2013/02/13/jawbone-hack/
Jawbone's MyTALK personalisation service hacked; names, emails, hashed passwords compromised
Jawbone: Some MyTalk Accounts Compromised by Hack