Hackers Access Contact Details Of Ultrahuman Users Via Internal Tool
Superadmin
Ultrahuman suffered a cybersecurity incident in March this year, which led to hackers accessing certain personal information of the smart ring maker’s users.
In an email sent to impacted customers, the smart ring brand said that the breach occurred on March 27 after an unauthorised third-party gained “read-only” access to the startup’s internal analytics systems. Ultrahuman added that the access was limited as the system in question did not permit modification or deletion of data.
Subsequently, the startup said that it took the impacted system offline and revoked all access to the said system.
Meanwhile, Ultrahuman told TechCrunch that the attackers gained access via credentials stolen from a malware-infected laptop of an employee, resulting in wellness data belonging to about 0.1% of users being accessed. This translates into at least 700 impacted customers as previous reports suggested that the smart ring brand has around 7 Lakh monthly active users.
In the email, Ultrahuman CEO Mohit Kumar claimed that critical user data, including password, payment information and wellness data, was not leaked in the incident. While the startup did not clarify what wellness data constituted, it added that hackers did access user information such as contact and account details as well as order and transaction history.
Ultrahuman claims to have since implemented various remediation measures to thwart any future breaches. This includes hardened security on employee devices, increased frequency of periodic access audits, and deployment of anomaly detection on internal systems.
“We have also conducted active monitoring of public and other internet channels for any evidence of the publication or further misuse of the accessed information. To date, we have not identified any such publication or misuse,” said Ultrahuman in the email.
On why the startup had delayed informing affected users and regulators, Kumar reportedly said that the smart ring maker was auditing the full scope of the incident to determine what data had been affected.
Founded in 2019 by Kumar and Vatsal Singhal, Ultrahuman manufactures a range of metabolic health tracking devices such as the Ring Air smart ring and the M1 continuous glucose monitoring device. The startup has raised more than $103 Mn to date and is backed by names such as Nexus Venture Partners, Steadview Capital, Blume Ventures and Premji Invest.
The smart ring maker’s primary market is the US, which brings the lion’s share of its revenues. However, the company is locked in a legal tussle with Finnish competitor Oura in the country.
In a major blow to the startup, the US International Trade Commission (ITC) ruled that Ultrahuman’s smart rings infringed on a patent held by Oura, which resulted in a months-long import ban that locked it out of its most important market and reportedly cost it up to $50 Mn in lost sales.
The company re-entered the US market in March 2026 with Ring Pro, a redesigned smart ring it claimed addressed the patent claims that triggered the ban.
On the financial front, Ultrahuman turned profitability in FY25, minting a net profit of ₹71.5 Cr against a loss of ₹37.7 Cr in the year ago fiscal. The startup’s operating revenue also surged nearly 5X to ₹564.7 Cr in the fiscal under review compared to ₹104.6 Cr in FY24.
The post Hackers Access Contact Details Of Ultrahuman Users Via Internal Tool appeared first on Inc42 Media.
