Over 1,500 Ring Passwords Disclosed on the Dark Web

Amazon’s Brand of Home Security Products Experiences a HUGE Leak of Confidential Information on the Dark Web… What Could Have Prevented This From Happening?

Amazon’s brand of home security products, Ring, creates video doorbells that are wi-fi enabled. They’re a great concept with the ability to help consumers keep an eye on their home, and in many cases, business owners are using them for the purpose of keeping an eye on their premises. But are they actually safe? A security researcher found 1,562 unique email addresses and passwords associated with the brand’s doorbells on the dark web. The login information can be used to access the cameras, as well as their time zones and locations.

Although it’s not yet known how the data was disclosed, it’s the second report on the same brand in the past week or so. BuzzFeed News also reported a very similar finding – showing over 3,600 unique email addresses and passwords. The scariest part? Login information for the video doorbells can be used to gather the following customer data:

  • Address
  • Payment information
  • Telephone number
  • Live camera footage inside the home
  • And more

How Did This Happen? And What Has Amazon’s Brand, Ring, Said About the Incident?

TechCrunch stated that nearly all of the passwords they found seemed incredible simple to guess. Although it’s not yet known exactly HOW this disclosure happened, it’s possible they were simply guessed. However, it’s said that hackers have been sharing tools to break into accounts around crime forums. Many sources say that the video doorbells have lackluster security measures.

For instance, there’s no way to see how many individuals are logged into the system at once – meaning if a hacker manages to get into the app, an account owner won’t know. Essentially, someone can sit around for days watching all of the live video feed without you even realizing. A scary situation that truly invades the privacy of users. Yassi Shahmiri, Ring Spokesperson, commented…

We’ve notified customers whose accounts we have identified as exposed and have reset their passwords. In addition, we are continuing to monitor for and block potentially unauthorized login attempts into Ring accounts.”

What Does This Mean for Businesses Using Similar Devices on Their Premises?

In the simplest terms, it means ALL businesses need to be wary of the products and/or services they’re using, especially if they’re using them without guidance from a third-party technology provider. Prior to implementing any sort of hardware or software, especially when used to monitor the office, it’s important to evaluate the risks involved. Where to Start, a team of cybersecurity experts in the Bay Area, is able to assist with:

  • Assessing your environment to determine any weak points or vulnerabilities that could otherwise be exposed.
  • Training your staff to ensure they’re aware of proper best practices, such as strong passwords and two-factor authentication.
  • Managing your devices to monitor for any types of threats, keep them up-to-date with the latest patches, and more.

Keep ALL Devices Within Your Company Safe from Attacks. Where to Start Can Help. Call (844) RASM 448.

Like this article? Keep reading…

Cryptojacking Attacks are Increasing Rapidly: Are You at Risk?
An End-of-Year Checklist for Business Technology Planning
IT Service Provider Or In-House Staff – Which Is Best For You?