Can someone take over my Fitbit account?

Expand all Collapse all

Why would someone want to take over my Fitbit account?

An "account takeover" is a phenomenon that affects many popular online destinations, especially if attackers can find a way to make money. While it's not possible for someone to access your credit card information via your Fitbit account, for example, we have seen attackers attempting to obtain a replacement device, per our warranty, and then sell it.

Importantly, the account owners are not charged for the warranty replacement, and most of these warranty replacement attempts are caught by Fitbit’s fraud management tools and personnel and then referred to law enforcement.

How does this happen?

The most common way for an account to be taken over is for an attacker to learn the correct username and password associated with the account.

There are a couple ways that attackers do this, which include:

  • By reusing username and password combinations obtained from other online sites or accounts. Since many people use the same username and password across multiple online sites, a compromise of one site can lead to compromises elsewhere.
  • By using keylogging and other malware on people’s machines to capture passwords as they are typed.
What is Fitbit doing about this threat?
Fitbit takes our obligation to safeguard customer information very seriously. We use several methods to identify, block, and address malicious activity. We take steps to lock accounts when we believe they have been compromised, meaning we reset the password and prompt the customer to create a new one.
What can I do to prevent an account takeover?
I think my account has been taken over. What should I do?

If you still have access to your account, change your password to a new, unique password that you’ve never used before.

If you can no longer access your account, contact Customer Support and tell us you suspect an account takeover. We'll route the case to our security team as soon as possible.

I received an email about a password reset request I didn't make. What should I do?

If you received an email with a link to reset your password and you did not make a password reset request, we recommend that you open the Fitbit app or visit to start a password reset and create a new, unique password. You can also move Fitbit to your Google Account to use a single password. For more information, see How do I change or reset my Fitbit password?

After you create a new password, you can disregard any password-related emails that you didn't request. We don’t recommend marking these emails as spam.

Has my credit card been compromised?
Even with your username and password an attacker cannot access your credit card details.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu