It’s not that uncommon for some people to experience an amount of joy and excitement at the news of websites, databases, and institutions getting hacked. Some people, however, view these incidents as something far removed from them, something that happens to everyone except them. Reality, however, has taken on a frightening turn for owners of Ring security cameras who suddenly find virtual intruders in their homes, thanks to hackers who break into the security system and live stream their harassment for the entertainment of a few.
The irony is probably lost on no one that the very devices that are supposed to keep homes and their owners safe have become the very vehicle for violations of their privacy. Tools to hack Ring security cameras have unfortunately become widespread enough to become almost common. And to show off their abilities and get a few kicks, some of these hackers have taken to live streaming their activities in bold defiance to authorities.
Some may find it entertaining but these hacks live streamed in podcasts are no joke. Hackers have frightened homeowners, harassed them with foul language, and even demanded a ransom. Hackers, however, may have gotten over their heads. The frequency and spread of incidents have caught the attention of mainstream media, forcing authorities to act swiftly.
The Discord chat server where such Ring hackings were streamed has removed all mention of such activities and banned discussion on the matter. That action may only be superficial as there are some indications that the activities will continue, perhaps more secretly than before.
Ring says it is investigating the matter but insists it has nothing to do with any breach of Ring’s security. Instead, it lays the responsibility on owners who may have not used strong security practices to protect their accounts. That is unlikely to help Ring’s image as reports continue to flow on its privacy practices, making the popular Amazon-owned smart camera company an increasingly unpopular name.
UPDATE: Ring reached out with a statement regarding the spate of hacking incidents. It clarifies that the user credentials used to break into owners’ devices were not taken from the company through a security exploit but from third-part sources, social engineering, or brute force. Here’s the statement in full:
Customer trust is important to us and we take the security of our devices seriously. Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts. Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.
Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Consumers should always practice good password hygiene and we encourage Ring customers to change their passwords and enable two-factor authentication.