Hackers Access Ultrahuman Wellness Data After Stealing Employee Credentials Via Malware
Image: Zamin.uz

Hackers Access Ultrahuman Wellness Data After Stealing Employee Credentials Via Malware

03 June, 2026.Technology and Science.7 sources

Key Takeaways

  • Hackers accessed Ultrahuman via stolen employee credentials through malware targeting internal analytics system.
  • Approximately 700 customers were affected, with email addresses exposed.
  • Ultrahuman alerted affected users by email about the breach.

Breach via Internal Tool

Wearable health startup Ultrahuman said hackers accessed customers’ wellness data after stealing an employee’s credentials through malware, using an internal analytics system on March 27.

Ultrahuman’s user database was recently hacked, and the smart ring company says there was “no evidence of misuse

9to5Google9to5Google

TechCrunch reported that Ultrahuman told it the attackers gained access using credentials stolen from an employee’s malware-infected laptop, resulting in wellness data belonging to about 0.1% of users being accessed.

Image from 9to5Google
9to5Google9to5Google

Based on Ultrahuman’s previously reported figure of roughly 700,000 monthly active users, TechCrunch said that would equate to at least 700 customers who had their health data accessed.

Ultrahuman also told TechCrunch that it detected the intrusion promptly, took the affected system offline, and revoked all access, and it said no passwords, payment information, production systems, or Ultrahuman Ring devices were compromised.

In a separate account, the Gadget Review said the March 27 attack followed a script in which hackers infected an Ultrahuman employee’s laptop with malware, stole their credentials, and then used those login details to access an internal analytics system containing user wellness data.

Read-Only, Delayed Notice

Ultrahuman told TechCrunch that the threat actor obtained “read-only” access to the affected system, while the company declined to confirm whether its investigation had determined if any customer data was exfiltrated.

The5krunner reported that Ultrahuman notified customers on 3 June 2026 that an unauthorised third party gained read-only access to an internal analytics system on 27 March, and it said email addresses were exposed.

Image from Frandroid
FrandroidFrandroid

TechCrunch said Ultrahuman delayed informing affected users while it audited the full scope of the incident and determined what data had been affected, and it quoted CEO Mohit Kumar saying, “Our security alerting systems detected the incident within hours, and we closed the vulnerability swiftly,”.

In the same thread, the5krunner said the UK GDPR requires notification to affected individuals without undue delay where a breach is likely to pose a high risk to their rights and freedoms, and it added that whether Ultrahuman notified the Information Commissioner’s Office within the required 72-hour window has not been disclosed.

Ultrahuman’s email alerting users also warned about phishing attempts, and 9to5Google quoted the company’s position that “no passwords, card details, or payment data were involved, and we have found no evidence of misuse.”

Regulators, Investors, and Risk

TechCrunch said Ultrahuman told it it was notifying regulators and had delayed informing affected users while it audited the full scope of the incident and determined what data had been affected.

Your sleep patterns, recovery metrics, and daily activity rhythms aren’t just numbers on your phone

Gadget ReviewGadget Review

The5krunner added that Ultrahuman has a registered UK entity, Ultrahuman Healthcare Ltd, which brings it within the ICO’s direct jurisdiction, and it said Mohit Kumar, founder and CEO, signed the notification personally.

The Gadget Review said Ultrahuman claims attackers gained only “read-only” access and that passwords, payment info, and ring devices themselves stayed secure, but it also noted that the company won’t specify whether data was actually copied out or simply viewed.

TechCrunch reported that Ultrahuman counts Nexus Venture Partners, Steadview Capital, and Blume Ventures among its investors, and it said the startup has raised around $103 million to date, per Tracxn.

Across the coverage, the breach is framed as a warning about how wellness tracker startups store users’ data on their servers in a way that allows employees, governments, and malicious hackers to access customers’ health data, even when the company says no passwords or production systems were compromised.

More on Technology and Science