• Thu. Oct 19th, 2023

Producer of Surveillance Cameras Ring will Spend $5.8M on Customer Surveillance

Avatar photo

ByEsme Greene

Jul 9, 2023
Ring to spend $5.8M on customer surveillance
Esme Greene
Latest posts by Esme Greene (see all)

Manufacturer Ring agreed to stop making money from unauthorized access to user videos and pay $5.8 million in compensation to consumers. The US Federal Trade Commission (FTC) highlighted this in their statement.

What Happened During the Attack

The FTC claims that the hackers broke into around 55,000 US customers’ Ring accounts and, in some cases, continued to have access to connected devices for more than a month. The hackers utilized the cameras’ access to spy on and stalk unknowing victims during the hack. 

After multiple inquiries by Motherboard journalists into the wave of hacking attacks on Ring accounts and their cameras around the nation in December 2019, the FTC filed a complaint with Ring.

Since Ring did not implement these safeguards, the attacks were effective. For instance, well-known media publications started reporting on compromised Ring devices on December 12, when hackers utilized access to cameras to threaten and ridicule kids and families.contact the FTC.

In many instances, the hackers went even further during the takeover of 55,000 accounts. Based on the complaint, the attackers also had access to saved footage, live streaming, or reading a user’s profile for at least 910 U.S. accounts linked to roughly 1,250 Ring devices.

Motherboard’s investigation revealed the following transgressions by the business:

  • Even when connected simultaneously from several different countries around the world, Ring allows users to join in from anonymous IP addresses
  • Nevertheless, the corporation does not allow consumers to view how many users are currently signed into the account;
  • Ring did not perform SMS verification when connecting in with an unfamiliar login; 
  • Ring does not compare user password hashes against previously known hacked credentials;
  • Ring did not implement account password brute-force security, which would have prevented an attacker from conducting attacks and brute-force attacks on users’ accounts. 
  • The company enabled seamless access over the anonymous Tor network.stuffing credentials. The FTC raised the same issues that Motherboard did in its complaint.

Cybersecurity Measures

Ring must erase data products obtained from unlawfully watched movies, develop a privacy and security program, and use “other strong security measures, such as two-factor authentication (2FA) for both employee and customer accounts,” according to the decision.

The order cannot go into effect unless it has been approved by a federal judge. An inquiry for comment from Ring was not answered.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.