Buzzfeed News reports that over 3,600 owners of these devices had their log-in information, names, emails, passwords, time zones, and camera locations exposed. Hackers who gained access to the information could potentially use it to take over the devices and view video history.
In an email to customers, the company explained that the information was most likely leaked because of credentials that were stolen in separate data breaches.
“Due to the fact that many people use username and password for many different accounts, bad actors often re-use credentials stolen or leaked from one service on other services. We believe that somebody may have used this method to attempt to gain access to your Ring account and we are committed to making sure that you and those you designate are the only people with access to your account,” the company stated.
“Rest assured this incident is in no way related to a breach or compromise of Ring’s security.”
More than basic protections needed
Although Ring says that its own security isn’t at fault for this leak, consumer advocates are having none of it.
In a post of its own, the Electronic Frontier Foundation (EFF) charges that for Ring to fall victim to credential stuffing techniques (which the company says happened in this case) is egregious because hackers would have to fail a huge number of log-in attempts without detection or scrutiny.
“That implies that an attacker tried tens or even hundreds of thousands of username and password combinations on Ring’s website, and Ring didn’t even notice until they were alerted by security researchers,” the group wrote.
“Ring cameras have extremely sensitive data -- live footage adjacent to and often within the home -- at their disposal. This means that Ring should be extra careful with account information, not just employing basic account protections.”