- Ukraine Police Bust Fraud Scheme - October 15, 2023
- Saudi Man Sentenced for X & YouTube - October 15, 2023
- Pro-Russia Hackers Leak Military Data - October 15, 2023
Manufacturer Ring agreed to stop making money from unauthorized access to user videos and pay $5.8 million in compensation to consumers. The US Federal Trade Commission (FTC) highlighted this in their statement.
What Happened During the Attack
The FTC claims that the hackers broke into around 55,000 US customers’ Ring accounts and, in some cases, continued to have access to connected devices for more than a month. The hackers utilized the cameras’ access to spy on and stalk unknowing victims during the hack.
After multiple inquiries by Motherboard journalists into the wave of hacking attacks on Ring accounts and their cameras around the nation in December 2019, the FTC filed a complaint with Ring.
Since Ring did not implement these safeguards, the attacks were effective. For instance, well-known media publications started reporting on compromised Ring devices on December 12, when hackers utilized access to cameras to threaten and ridicule kids and families.contact the FTC.
In many instances, the hackers went even further during the takeover of 55,000 accounts. Based on the complaint, the attackers also had access to saved footage, live streaming, or reading a user’s profile for at least 910 U.S. accounts linked to roughly 1,250 Ring devices.
Motherboard’s investigation revealed the following transgressions by the business:
- Even when connected simultaneously from several different countries around the world, Ring allows users to join in from anonymous IP addresses;
- Nevertheless, the corporation does not allow consumers to view how many users are currently signed into the account;
- Ring did not perform SMS verification when connecting in with an unfamiliar login;
- Ring does not compare user password hashes against previously known hacked credentials;
- Ring did not implement account password brute-force security, which would have prevented an attacker from conducting attacks and brute-force attacks on users’ accounts.
- The company enabled seamless access over the anonymous Tor network.stuffing credentials. The FTC raised the same issues that Motherboard did in its complaint.
Cybersecurity Measures
Ring must erase data products obtained from unlawfully watched movies, develop a privacy and security program, and use “other strong security measures, such as two-factor authentication (2FA) for both employee and customer accounts,” according to the decision.
The order cannot go into effect unless it has been approved by a federal judge. An inquiry for comment from Ring was not answered.