Over 3,600 Ring Camera Owners Had Their Log-in Credentials Leaked
The log-in credentials for 3,672 Ring camera owners have been leaked this week in a security breach. The leak exposed log-in emails, passwords, time zones, and the names people gave to their Ring cameras. Often those names are specific to where the camera is located, such as "bedroom" and "front door."
Using the information that was leaked, an intruder could access the Ring customer's home address, telephone number, and payment information. The payment information included the type of credit card, the last four digits, and the security code. The worst thing about this breach is that it gave the intruders access to live camera footage to all cameras associated with the account.
It also gave up to 60 days of video history, depending on the cloud storage plan. It remains a mystery for now how the breach happened. Ring has denied that its system was breached. Ring has declined to tell BuzzFeed News how it had became aware of the leak and if the leak affected a third party that Ring uses to provide its services.
A Ring spokesperson did say that its security team had investigated the incidents, and it has no evidence of an unauthorized intrusion or compromise. Ring did note that it was not uncommon for data to be harvested "from other company's data breaches," but it didn't specify what other company it was talking about. Ring will be notifying impacted users and advising them to reset their passwords.
One user said they had received a notice on December 18. Security experts say that the format of the data indicates it came from a company database. Data obtained by using credentials leaked in other security breaches wouldn't be formatted like that, according to the researchers. Last month a Google camera flaw allowed hackers to potentially exploit millions of Android devices.