Can someone take over my Fitbit account?

An "account takeover" is a phenomenon that affects many popular online destinations, especially if attackers can find a way to make money. While it's not possible for someone to access your credit card information via your Fitbit account, for example, we have seen attackers attempting to obtain a replacement device, per our warranty, and then sell it.

Importantly, the account owners are not charged for the warranty replacement, and most of these warranty replacement attempts are caught by Fitbit’s fraud management tools and personnel and then referred to law enforcement.

The most common way for an account to be taken over is for an attacker to learn the correct username and password associated with the account.

There are a couple ways that attackers do this, which include:

• By reusing username and password combinations obtained from other online sites or accounts. Since many people use the same username and password across multiple online sites, a compromise of one site can lead to compromises elsewhere.
• By using keylogging and other malware on people’s machines to capture passwords as they are typed.

Fitbit takes our obligation to safeguard customer information very seriously. We use several methods to identify, block, and address malicious activity. We take steps to lock accounts when we believe they have been compromised, meaning we reset the password and prompt the customer to create a new one.

• Turn on two factor authentication. For more information, see How do I protect my Fitbit account with two factor authentication?
• Consider moving Fitbit to your Google Account to access Google's industry-leading security. For more information, see What should I know about moving Fitbit to my Google Account?
• Make sure you use a different password for every online account. For more information, see How do I change or reset my Fitbit password?

If you still have access to your account, change your password to a new, unique password that you’ve never used before.

If you can no longer access your account, contact Customer Support and tell us you suspect an account takeover. We'll route the case to our security team as soon as possible.

If you received an email with a link to reset your password and you did not make a password reset request, we recommend that you open the Fitbit app or visit fitbit.com to start a password reset and create a new, unique password. You can also move Fitbit to your Google Account to use a single password. For more information, see How do I change or reset my Fitbit password?

After you create a new password, you can disregard any password-related emails that you didn't request. We don’t recommend marking these emails as spam.

Contact Customer Support.

Even with your username and password an attacker cannot access your credit card details.