Security researchers discovered a vulnerability in the network backend for a range of "smart" jacuzzis, reports Matthew Gault for Vice. From the report it seems that hijinks with the tubs themselves were not in play, sadly, but vast amounts of user information and account credentials were.
Then Eaton used a program called Fiddler to intercept and modify some code that told the website they were an admin, not just a user. They were in, and could see a wealth of information about Jacuzzi owners from around the world. "Once into the admin panel, the amount of data I was allowed to was staggering. I could view the details of every spa, see its owner and even remove their ownership," he said. "Please note that no operations were attempted that would actually change any data. Therefore, it's unknown if any changes would actually save. I assumed they would, so I navigated carefully."