Amazon.com Inc. AMZN's Ring doorbell security system is defending itself against claims it has been "hacked" several times, with reports that families have had strangers watch their kids and pets and talk to them through the system.
On Thursday, a new report surfaced that the login credentials for thousands of accounts appear to have been made available on the web, possibly after people harvested information on the users from a separate data breach and "guessed" login information for Ring users.
Ring's Latest Issue
BuzzFeed reported Thursday that the login credentials for more than 3,600 Ring camera owners were compromised this week, exposing login emails and passwords.
Someone with the information could log into a Ring account, watch live footage from the owner's cameras and access the customers' addresses, phone numbers and possibly some payment information.
BuzzFeed said it was tipped to the availability of the data by a security researcher who said he found a list of compromised credentials posted anonymously on a website.
Ring denied that the information came directly from the company.
Ring's Response
"Ring has not had a data breach," the company said in a statement.
"Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network. It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services."
These types of breaches are known as "credential stuffing," where attackers collect usernames and passwords from another data breach and try them on other websites.
Ring earlier this month said in a blog post that it had learned that some Ring services were compromised. It's unclear if the instances the company was referring to are the same ones that BuzzFeed reported on this week.
"Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted," Ring said in a blog post. "Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication."
Ring’s Services Have Not Been Compromised - Here’s What You Need to Know: https://t.co/gi4rXKFGNI
— Ring (@ring) December 12, 2019
Media reports have included a few examples of people "hacking" into Ring doorbell cameras, though the company has steadfastly maintained that people who are "breaking into" the camera feeds haven't hacked in, but are guessing passwords based on others they've stolen and simply logging in.
"When the same username and password is reused on multiple services, it's possible for bad actors to gain access to many accounts," a Ring spokesperson said in a statement after one family reported someone used its Ring system to talk to the family's dogs.
"We have no evidence of an unauthorized intrusion or compromise of ring's systems or network."
Amazon Price Action
Amazon stock was trading 0.14% higher at $1.794.70 at the time of publication Friday.
Related Links:
'Something Wrong With The Silicon Valley Propaganda': Peter Thiel Talks About Tech And Trump
William Blair: Could Amazon's Ring Acquisition Create A Smart Home Alarms Race?
Photo courtesy of Ring.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.