Fitbit Sees Lawsuit, Security Compromise, And Stock Drop In 2016: Can The Health Wearable Giant Rebound?
Fitbit had a great year in 2015, dominating the global market and giving investors reasons to smile, even if the company was sued by a competitor and one of its trackers gave people rashes. 2016 was looking rosy for the wearable company, but the first week of the year has only brought more trouble.
In the past week alone, Fitbit was hit with a class-action lawsuit claiming its popular Charge HR, the biggest feature of which is a built-in heart rate monitor, was displaying wildly-inaccurate heart rates. In addition, online hackers found a way to retrieve user information through Fitbit devices, and stock prices dropped 18 percent after the company unveiled its newest fitness tracker, the Blaze. The lawsuit claims three different plaintiffs bought the company's devices based on marketing material promising accurate heart rate numbers.
However, one of the plaintiffs had his trainer manually count his heart rate before comparing the number to the Fitbit the plaintiff was wearing. The trainer's count was 160 beats per minute, while the Fitbit's count was only 82 beats per minute. Fitbit's heart rate monitors use a technology called PurePulse to track a user's heart rate; LED lights monitor blood flow through the user's wrist; then calculate what their heart rate is. This differs from traditional heart rate monitors, which are either strapped to the chest or require the user to apply force to read their pulse.
"Plaintiffs and many consumers like them have experienced — and testing confirms — that the PurePulse Trackers consistently misrecord heart rates by a significant margin, particularly during exercise," the complaint reads. "This failure did not keep Fitbit from heavily promoting the heart rate monitoring of the PurePulse Trackers and profiting handsomely from it. In doing so, Fitbit defrauded the public and cheated its customers."
This distinction is very important for exercise, because monitoring your heart rate gives you a good view of how hard you are working out. The Centers for Disease Control and Prevention says "for vigorous-intensity physical activity, a person's target heart rate should be 70 to 85 percent of his or her maximum heart rate." To find your maximum heart rate, take your age and subtract it from 220. If a fitness tracker was informing you your heart rate was under your maximum, you might push yourself a little more, leading to overexertion.
Buzzfeed and iDigitalTimes report online hackers found their way into dozens of user accounts, in what Fitbit is calling "a malicious attack." The hackers used email accounts leaked from third-party websites to break into these accounts, with at least 24 accounts compromised. The hackers could see where a person runs or spends a lot of their time using the trackers built-in GPS, as well as the user's sleep patterns.
"Basically, they start a support case with customer service, but before they do that, they change the email address on the account they hacked to an address that they control, and at that point they are the customer," Fitbit's chief of security Marc Bown told Krebs on Security.
Finally, there's the newest device, the Blaze. It can track steps, calories burned, miles covered, sleep time, and 15 different types of exercises like tennis, basketball or if you’re using an elliptical machine. The Verge reports the problem people have with it is the Blaze its shape. It's much bigger than many other fitness trackers on the market, akin to the Apple Watch, with a watch face that can pop out to be used in other straps. The Verge reports it looks slightly better in person, but stock still took a nosedive after it was unveiled.
Though research shows people abandon their fitness trackers after six months, experts say the top fitness trend for 2016 is going to be wearables. Let's hope Fitbit can brush off a shaky start to the year and come back strong.
As of this writing, requests for comment from Fitbit have gone unanswered.
UPDATE at 10:38 am, 1/11/16 from Fitbit:
“This is not a case of Fitbit emails or servers being hacked and it would be inaccurate to state or imply otherwise. Our investigation found that the accounts were accessed by an unauthorized party using previously stolen or compromised credentials (email addresses and passwords) from other third-party sites unrelated to Fitbit.
We take the security of our customers’ accounts very seriously, and we took immediate action to protect our users by resetting the passwords of affected users and prompting them to create new passwords. As a best practice, Fitbit recommends that our customers avoid reusing passwords associated with their email address or any other accounts, as this practice leaves them more vulnerable to this type of malicious behavior. It’s also important to note that these types of account takeover attempts are now a routine issue for many popular online sites and part of doing business.”