Subscribe
    Computing

    A recent smart ring data hack should worry every Galaxy Ring owner, even the ones who dodged it

    adminBy No Comments5 Mins Read

    Your Samsung Galaxy Ring, your Oura, your Ultrahuman, they all run on the same quiet bargain: you hand over the most personal data you own, and you trust the company to guard it. So what happens when one of those companies gets broken into, and then can’t quite tell you how bad it was?

    Ultrahuman confirms hackers reached customer wellness data

    Ultrahuman, the India-based smart ring maker behind the Ring Air and the newer Ring Pro, has confirmed that hackers got into customer wellness data. The company started emailing affected users on Wednesday (June 3), according to a new report.Here’s what went down: the hack took place on March 27 and hit an internal analytics system, not the rings or the core product. The attackers got in using login credentials swiped from an employee’s malware-infected laptop.
    Ultrahuman says it caught the breach within hours, pulled the affected system offline, and revoked access. CEO Mohit Kumar said the company’s alerting systems flagged the incident fast and the hole was closed.

    How many people were actually affected

    By Ultrahuman’s own math, the breach touched roughly 0.1% of its users. That sounds tiny until you run the conversion.

    The company has previously reported around 700,000 monthly active users, which puts the floor at about 700 people who had health data accessed. Ultrahuman didn’t dispute that number, but it also wouldn’t say exactly how many customers got hit.

    What’s confirmed safe: no passwords, no payment information, no production systems, and no actual Ring devices were compromised. The company also says the attacker only had “read-only” access to the system.

    Why this matters more than the numbers suggest

    A 700-person breach won’t make global headlines, and that’s exactly why it’s worth talking about. The real story is what these devices know about you.

    Smart rings like Ultrahuman’s, and rival Oura, store your health data on company servers in a way that lets employees, governments, and bad actors potentially reach it. We made that point when Oura kept pushing harder into the US market, and it applies double here. A smartwatch tracks your steps. A health ring profiles your body.

    The reaction from owners tells its own story. On Reddit, one ring user who got the breach email wrote that Ultrahuman insists only their email leaked, but added that given the company’s track record, they’d bet more was taken than the company is admitting.

    Reddit post in the SmartRings community titled "Ultrahuman data breach" describing a user's reaction to the breach notification email.Reddit post in the SmartRings community titled "Ultrahuman data breach" describing a user's reaction to the breach notification email.

    A SmartRings subreddit user reacts to receiving Ultrahuman’s breach notification email. | Image by Reddit

    That skepticism isn’t coming out of nowhere. It should be noted that Ultrahuman has been in aggressive expansion mode, fighting Oura in court over patents while pricing a luxury ring at nearly $2,000. When a company is scaling that fast, security can’t be an afterthought, because the data it holds is permanent in a way a leaked password never is. You can change a password. You can’t change your resting heart rate history.

    What this means if you wear a Galaxy Ring or Oura

    If you’re on a Samsung Galaxy Ring, this specific breach doesn’t touch you. Your data lives in Samsung Cloud tied to your account, protected by Samsung’s Knox security, and Samsung says it doesn’t share personal health data externally without consent. So Samsung itself has little to worry about here on a security level.

    That said, the structural point still lands. Galaxy Ring data is cloud-stored health data, same as Ultrahuman’s, and Samsung even offers a developer SDK that gives approved partners access to user health data with consent. Oura owners are in the same boat: convenient cloud sync, your body’s metrics sitting on someone else’s server. The lesson isn’t “switch rings,” it’s that every one of these devices runs on trust, and trust is only as strong as the company’s worst day.

    The part that should bother you

    What gets me isn’t the breach itself, because every company gets hit eventually. It’s that Ultrahuman won’t confirm whether any of your data actually left the building.

    The company called the access “read-only” and said its investigation is ongoing, but it wouldn’t confirm whether data was exfiltrated. “Read-only” is doing a lot of comforting work in that sentence, and it shouldn’t. Read-only access still means someone sat there and looked at your sleep patterns and heart data, and the company can’t tell you if they walked out with a copy.

    I’ve worn a smart ring, and the appeal is real: it’s the quietest, least intrusive way to track your health that exists right now. But that convenience runs on a deal where you hand over your most intimate metrics and trust the company to guard them.

    When “did they take my data” is still a question, that deal starts looking lopsided, and clearly I’m not the only one feeling it. The rings are great. The vagueness is not.

    Want more hot takes and behind-the-scenes tech coverage? Follow me on X and Threads for the stuff that doesn’t always make the article.

    Samsung Galaxy Z Flip 6 flash sale! Limited time offer!

    Save $30 on Samsung Galaxy Z Flip 6 from Back Market. Discount automatically applied at checkout. Offer ends 7 June 2026 at 23:59.


    Get at Back Market

    Read the latest from Johanna Romero

    #smart #ring #data #hack #worry #Galaxy #Ring #owner #dodged

    Share.

    Related Posts

    Add A Comment

    Leave A Reply