Jawbone says 'limited' number of MyTALK accounts hacked

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.engadget.com/2013/02/13/jawbone-says-limited-number-of-mytalk-accounts-hacked/

If you have a Jawbone headset and MyTALK account, you may have
received an email from the outfit warning that you'll need to reset
your password due to a security compromise in a "limited" number of
accounts. The company said it halted the hack after "several hours,"
however, and that thieves only stole names, email addresses and
encrypted passwords -- but no other user information, so far as it can
tell. If affected, you'll need to reset your password by following the
instructions (in the PR after the break), and Jawbone also advised you
to change it on other sites too, if used elsewhere -- never a good
practice, incidentally.

[Thanks to everyone who sent this in.]

PRESS RELEASE

We are writing to inform you of an important security matter. We
recently learned that login information for your Jawbone MyTALK
account was compromised by an isolated attack on our system.

In the course of this attack, limited user information related to your
MyTALK account-specifically your name, email address, and an encrypted
version of your password (not the actual letters and numbers in your
password)-was compromised. We took immediate action to protect your
login information. Based on our investigation to date, we do not
believe there has been any unauthorized use of login information or
unauthorized access to information in your account.

To help protect your account, we have disabled your old MyTALK
password and you can no longer use it. Please reset your MyTALK
password by following the instructions below. To help ensure that your
information remains safe, we recommend that you do not choose the same
password that you use to log in anywhere else, and change your
password on other sites where your old MyTALK password is used.
Steps to reset your password:

Copy and paste this URL into your web browser: https://jawbone.com/user/reset
Type in your email address and click the Reset Password button
You will receive an email with instructions to complete the password reset

We sincerely apologize for any inconvenience this may have caused. The
security of your personal information is a top priority for us. We
take security very seriously and will continue to take steps to keep
your account information safe.
If you need help resetting your password, please contact Customer
Support by emailing support () jawbone com.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.