Hackers got their hands on health data from this smart ring manufacturer and the answer is disturbing
You put a little computer on your finger and you give up the most private data you have: how you sleep, how your heart responds, when your body is upset. So what happens when the company that holds all of that is breached, and then can’t quite tell you how bad it was?
Hackers accessed customer wellbeing data, confirms Ultrahuman
Ultrahuman, an India-based company that develops smart rings, including the Ultrahuman Ring Pro and the Ring Air, says hackers gained access to customer wellness data. The company started emailing affected customers on Wednesday, June 3, a new report says.
Here’s what occurred: The attack happened on March 27 and targeted an internal analytics system, not the rings themselves or the primary product. The intruders got into the system using login data obtained from an employee’s malware-infected laptop.
Ultrahuman said it found the intrusion within hours, took the affected system offline and cut off access. The company's warning systems caught the event swiftly and the breach was contained, said CEO Mohit Kumar.
But how many people were actually hit?
Ultrahuman’s own math indicated the breach affected only 0.1% of its users. That sounds small until you calculate it.
The startup said it has about 700,000 monthly active users. That means the floor is about 700 people whose health data was accessed. Ultrahuman didn’t deny the figure, but would not say how many customers were affected.
Confirmed safe: No passwords, payment information, manufacturing systems, or physical ring devices, including the Ultrahuman Ring Pro, were compromised. The business also says the attacker had “read-only” access to the system.
Why this is more than the numbers tell us
A breach affecting 700 people will hardly make international news, and that’s exactly why it should be discussed. The real story is what these devices know about you.
Smart rings like Ultrahuman’s Ring Pro (and rival Oura’s) store your health data on corporate servers in a format that may be accessed by employees, governments, and hostile actors. That was the case when Oura kept moving deeper into the US market, and it’s doubly the case now. A smart watch tracks your steps. A health ring captures a picture of your body.
The owners’ answer says it all. "Ultrahuman keeps saying only our email leaked but with the company's track record I'd bet more was taken than the company is admitting," remarked one Reddit user who owns an Ultrahuman Ring Pro and received the breach email.
This doubt is not without foundation. Ultrahuman has been aggressive in growing its presence and has fought Oura in court over patents while charging a premium price of about $2,000 for its ring, the same price point as the Ultrahuman Ring Pro. When a firm is scaling at such a pace, security can never be an afterthought, because the data it holds is permanent in a way a stolen password never is. You can change a password. You can't alter your resting pulse history.
The section you care about
What irritated me was not the breach. All organizations get attacked eventually. The frustrating thing is that Ultrahuman won’t tell you whether any of your data actually left the premises.
The company described the access as “read-only” and said its investigation is ongoing, but would not say whether data had been exfiltrated. The phrase “read-only” is doing a lot of soothing work in that statement, and it shouldn't be. Read-only limits what an intruder can change, not what they can copy. Even read-only access means someone sat down and looked at your sleep patterns and heart stats, and the company can’t tell you if they walked away with a copy.
My view
I’ve had a smart ring on… There is an appeal to it: it is the quietest, least invasive health tracking method available today. But that ease comes with a bargain in which you hand over your most private information to the company and trust it to keep it safe.
That arrangement begins to look one-sided when “did they take my data?” is still an open question. And obviously I’m not the only one who feels that way. The rings are magnificent. The ambiguity is not.
