Thursday, January 7, 2016

Fitbit gets hacked with warranty fraud

Compromised Fitbit accounts were rendered inaccessible in December as they were used to falsely report faulty devices in order to get replacements. Since numerous replacement requests came from the hacked user accounts, Fitbit did not become aware of the issue until volumes of customer data were posted on Pastebin, a popular code-sharing and hacker hangout site. Cleverly, the Fitbit accounts/credentials were used to obtain customer data from other e-commerce providers (and the actual owners were locked out since the hackers were able to change the account email addresses). Hence, using the same password for multiple accounts is an entry point to other accounts (and reportedly the source may have been compromised workstations with password-stealing malware). The Fitbit device models, GPS history and other client data were said to be exposed, and the Surge Fitbit model, worth approx. $250, was the main target for fraud. The company has not released the total number of accounts compromised, but BuzzFeed News indicated at least 24 known cases.
Expect IoT and wearable devices to brush the front pages going forward in the new year, since the data kept on and/or connected to them is equally at risk... and some devices do not have authentication, let alone strong or 2-factor authentication.
