Can someone take over my Fitbit account?
From time to time, unauthorized parties may attempt to log into Fitbit accounts after obtaining the usernames and passwords from another source. This article explains how to protect your account.

An "account takeover" is a phenomenon that affects many popular online destinations, especially if attackers can find a way to make money. While it's not possible for someone to access your credit card information via your Fitbit account, for example, we have seen attackers attempting to obtain a replacement device, per our warranty, and then sell it.
Importantly, the account owners are not charged for the warranty replacement, and most of these warranty replacement attempts are caught by Fitbit’s fraud management tools and personnel and then referred to law enforcement.

The most common way for an account to be taken over is for an attacker to learn the correct username and password associated with the account.
There are a couple ways that attackers do this, which include:
- By reusing username and password combinations obtained from other online sites or accounts. Since many people use the same username and password across multiple online sites, a compromise of one site can lead to compromises elsewhere.
- By using keylogging and other malware on people’s machines to capture passwords as they are typed.

Fitbit takes our obligation to safeguard customer information very seriously. We use several methods to identify, block, and address malicious activity. We take steps to lock accounts when we believe they have been compromised, meaning we reset the password and prompt the customer to create a new one.

Follow these tips:
- Turn on two factor authentication. For more information, see How do I protect my Fitbit account with two factor authentication?
- Make sure you use a different password for every online account. Since it is challenging, if not impossible, to remember passwords, we recommend using a password manager to help. Many excellent options are available, including free solutions built into many popular web browsers. You can also read our tips for creating a secure password in How do I change or reset my Fitbit password?
- Take steps to keep your computer free from malware.
- Consider keeping tabs on your accounts by using a monitoring service like haveibeenpwned.com. These services will let you know if your account details are leaked anywhere online.

If you still have access to your account, change your password to a new, unique password that you’ve never used before.
If you can no longer access your account, contact Customer Support and tell us you suspect an account takeover. We'll route the case to our security team as soon as possible.

If you received an email with a link to reset your password and you did not make a password reset request, we recommend that you open the Fitbit app or visit fitbit.com to start a password reset and create a new, unique password. For more information, see How do I change or reset my Fitbit password?
After you create a new password, you can disregard any password-related emails that you didn't request. We don’t recommend marking these emails as spam.

Contact Customer Support and we'll reset your account if needed.

Even with your username and password an attacker cannot access your credit card details.
1969