Last few days, many reports were popping up on the web suggesting that a security breach happened at Withings, now Nokia Health, that may have exposed private user information. We contacted Nokia for an official statement and they said that they heard about reports that small number of user account credentials got from an earlier breach of unaffiliated third party data appeared on or originated from a site called Exploit.in.
Nokia’s and Withings’ servers and databases were not hacked, and all users whose credentials may have been compromised received an email notification and password reset, as a precautionary measure. You can read the whole statement from Nokia down below.
We recently became aware of reports that a small number of user account credentials were included in an earlier breach of unaffiliated third party data. We notified affected account holders and reset their passwords as a precautionary measure to prevent any data exposure. At this time we have found no evidence of an intrusion or hacking into our servers or databases.
The usernames and passwords in question appear to originate from Exploit.in, a database created by an anonymous individual who compiled stolen data obtained from previous security breaches of unaffiliated third parties.
The security and privacy of our users is our top priority. Users are reminded to avoid using the same username and password combinations on multiple applications and to change their passwords often as this minimizes the ability to re-use access credentials on multiple systems in case of a data breach.
To conclude, private information of Withings/Nokia users is safe. Nokia notified and did a password reset to all users, that may have been in danger of getting their info exposed.