Nearly 4,000 Ring Credentials Leaked, Including Users' Time Zones And Device Names
from the Ring-PR-team-looking-to-expand:-masochism/sociopathy-a-plus! dept
The eternal flame that is Ring’s dumpster fire of an existence continues to burn. In the past few months, the market leader in home surveillance products has partnered with over 600 law enforcement agencies to:
- Engage in law enforcement stings that don’t sting anyone
- Teach cops how to bypass warrant requirements
- Sign up a bunch of people for its snitch app
- Use said snitch app to generate “suspicious person” alerts
- Blame users for not securing their cameras properly
- Admit the company places no restrictions on sharing of subpoenaed footage by law enforcement agencies
- Let everyone know it’s collecting images of children
The latest bad news for Ring — via Caroline Haskins of BuzzFeed — is another PR black eye inflicted on a company whose face still hasn’t healed from the last half-dozen black eyes.
The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”
The compromised data plays right into the hands of the assholes who hang out in certain online forums solely for the purpose of hijacking people’s Ring devices to hassle individuals who thought their homes would be more secure with the addition of an internet-connected camera.
Ring says this leak of personal data isn’t its fault. The company claims there’s been no breach. Maybe so, but the information is out there and presumably being exploited.
And it’s kind of hard to take Ring’s word for it. The company has been doing nothing but putting out PR fires ever since its law enforcement partnerships came to light earlier this year. And its explanation for where the sensitive data came from makes very little sense.
“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said. “It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”
Ring’s spokesperson did not specify which other “companies” it suspected of carelessly handling device names given to Ring devices by Ring users. The spokesperson also failed to explain why Ring took no interest in this sensitive Ring user info until after the security researcher who discovered the compromised credentials discussed his findings on Reddit. “Unable to assist” is not a proper response to notification of a possible breach, but that’s exactly what Ring reps told the researcher when he first informed them of what he had found.
Ring may have been quick to blame users for the commandeering of their cameras by a forum full of shitbirds, but the company does almost nothing to ensure users are protected from malicious activity. The only thing Ring does is recommend users utilize two-factor authentication and “strong passwords” (whatever that means). It does not alert users of attempted logins from unknown IP addresses or inform users how many users are logged in at any given time. Ring is doing less than the minimum to protect users but still seems to feel device hijackings are solely the fault of end users.
This is a garbage company. There’s no way around it. Ring has prioritized market growth and law enforcement partnerships over the millions of citizens/customers who own its products. Rather than provide a secure product that makes people safer, it’s selling a domestic surveillance product that comes with law enforcement strings attached. It has shown it will bend over backwards for the government but is only willing to deliver the most hollow of “we care about our customers” statements in response to news cycle after news cycle showing it absolutely gives zero fucks about its end users.