Ring Releases Statement After String of Home Security Devices Hacked
Written by SOURCE on December 17, 2019
If you haven’t decided to cut your cable then you know that advertisements for Ring cameras are being pushed hard by the Amazon-owned Ring Inc. security company, whose stated intent is to save you from break-ins (especially when you’re away), and also from having packages taken off your front step.
But, as is the case for pretty much everything these days, warnings paired with relatively alarming anecdotes are notifying current owners (and prospective buyers) about the fact that the system could be breached and some faceless hacker could watch you and your family/roommates as you all chill in your living quarters.
In fact, not coincidentally, The New York Times has relayed some of these anecdotes, which include a December 4 incident in which the song “Tiptoe Through the Tulips” began playing in the empty bedroom of a Mississippi family’s home. When the 8-year-old daughter of the homes owner’s went to check the source of the music a man allegedly spoke to her through the system’s speaker where he reportedly called her a racial slur and said that he was “Santa Claus.”
The Times reports that this hack was at least the fourth (and probably more) in a string of similar instances, following reports of akin creepiness that took place in Connecticut, Florida, and Georgia.
As for how the family in Mississippi handled it, the girl’s mother (Ashley LeMay) said she and her husband unplugged the camera and reported the incident to Ring and also the local police. Since it occurred 12 days ago she says she has been contacted by both the FBI and Ring’s COO, Jon Irwin. She relayed that she was not happy with Ring’s response, which she claims pushes blame onto customers.
As for Ring’s side of things, a spokeswoman for the company released a statement on Saturday that said that they take security breaches seriously, and stated that hackers were gaining control of customers devices by gaining access to their logins. They also released a blog post that said they hadn’t been compromised, and gave advice about what you should do to protect your privacy:
“Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts,” they said in their post. “Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts.
“Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication.”
The company also says that they sent emails out to their millions of customers reminding them to utilize multi-factor authentication.
As for an easy-ish fix, Tim Weber, a certified ethical hacker who spoke to The Times, said that he recommends not using old passwords due to the fact that they could’ve been acquired in an old data breach that said hypothetical password user might not even know about.
As for the trio of other Ring reports on the record, one included a Connecticut man who said he felt “violated” when a hacker woke up his sleeping mother-in-law by shouting obscenities.
Additionally a woman in Cape Coral, Florida said that she was freaked when a hacker was heard asking if she and her husband’s interracial son was a “baboon.” She stated in an email to The Times that she believes that the person who hacked her is the same guy that breached the other Ring homes after hearing his voice.
As for the woman in Georgia, she said she was terrified after a man began talking to her while she was in her bed.
You can read the whole thing at the New York Times, which seems especially recommendable if you have one of these systems.