Security & Fraud

Thousands Of Amazon Ring Passwords Leaked On Dark Web

A new security lapse has been involved with Amazon’s Ring security cameras this week.

On Tuesday (Dec. 17), a list of 1,562 Ring passwords and unique email addresses were uploaded to an unknown dark web text-sharing website, according to reports. The dark web site is frequently used for sharing stolen passwords and illegal information.

A security researcher found the passwords and email addresses on the dark web were all associated with Ring’s smart security video doorbell passwords.

He also identified that the same collection of passwords and email addresses could be used to log into Ring user accounts and access their video cameras. Hackers were able to view a Ring user’s time zone and know the exact location of their doorbells.

BuzzFeed News wrote on Thursday (Dec. 19) that a related collection of illegal data posted online were from more than 3,600 Ring doorbells.

Ring denied any claims that the company’s data was compromised.

“Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” said a company spokesperson to BuzzFeed. “It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”

The illicit data can give user access to hackers to gain control of Ring devices located in the customer’s home, including access to video data histories if settings are enabled.

To access any customer’s Ring account, anyone who holds a password and working email address is able to log into a person’s Ring account. They can then obtain a customer’s address, some payment information and phone number.

Recent reports from last week highlighted real hackers breaking into Ring video cameras throughout the U.S. On Tuesday (Dec. 17), Motherboard tested and confirmed the cameras had “shoddy” security measures. The company has also come under fire by lawmakers for having a close relationship with U.S. law enforcement agencies.

The latest news marks the home security and smart home company’s second reported leak to date. Ring’s spokesperson also added to BuzzFeed, the company will notify any customers who were affected in this incident, requiring them to reset their passwords.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW