Information from fitness tracking devices was vulnerable to hackers, scientists have found.

Researchers at the University of Edinburgh carried out an in-depth security analysis of two popular models of wearable fitness trackers made by Fitbit.

They found weak spots which could have allowed hackers to share personal data such as heart rate, steps taken and calories burned.

This could potentially have been used to blackmail users through threats to expose their lack of physical activity.

It could also lead to fake health records being created and leave users open to targeted marketing.

In response to the findings, Fitbit developed new software patches to improve the privacy and security of its devices.

During the study, the university team found a way of intercepting messages sent between fitness trackers and the cloud servers where the data is sent, allowing them to access personal information and create false records of activity.

By dismantling the devices, the researchers were also able to gain access to stored data.

Scientists say security on wearable devices could be improved to better protect users' data.

Dr Paul Patras, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development.

"We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

He said that the researchers were able access information on the devices via a "man in the middle" attack, which intercepts the data before it is sent to the cloud.

This could allow blackmailers to see health data, a technique which would be used to target celebrities.

Dr Patras added: "They could extract information and say you're not as active as you say you are, or use the data for other nefarious purposes."

The study, which also involved German and Italian computer scientists, will be presented at a major cybersecurity conference in Atlanta, Georgia next week.