Health accessory maker iHealthLabs has suffered from a data breach, CEO Yi Liu said in an email to customers this evening. In the email, Liu explains that a security researcher was able to decrypt encrypted email addresses of users, but that iHealthLabs was able to correct the software error within 24 hours of confirmation…

Sylvania HomeKit Light Strip

The email says that between January 5th and February 7th, a security researcher with the Office of the Privacy Commissioner of Canada was able to decrypt “some users’ encrypted email addresses.” The security hole was seemingly open for over a month, with iHealthLabs verifying the problem on February 13th, 2018 and correcting it within 24 hours.

As a result of this research, the researcher was able to decrypt some users’ encrypted email addresses that were sent in encrypted form from our server as a result of a software error.

iHealthLabs has subsequently been in contact with the security researcher, who says he deleted the decrypted email addresses. However, the company says it is “conducting a review of our software and will notify you if there are any significant developments.”

Ultimately, iHealthLabs does not believe that any health information was included in the breach:

Because this incident was limited to your email address and did not include your health vitals or other information, we do not believe any further action from you is warranted at this time.

iHealthLabs makes a range of health products, including some that integrate with Apple’s HealthKit platform.

Thanks, Tim!

About the Author