3,000 Ring Doorbell and Camera Accounts May Be Vulnerable to Hackers
Ring users should change their passwords and enable two-factor authentication
Ring is urging more than 3,000 users to change their passwords and use two-factor authentication after reports surfaced that Ring login information may have been exposed online.
Having these usernames and passwords could allow bad actors to access someone’s Ring smartphone app and see live camera feeds and recordings, phone numbers, and home addresses.
A Ring spokesperson told Consumer Reports that the data exposure didn’t involve the company’s own system. There is “no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said.
Instead, the account information appears to have come from other data breaches. In a practice called “credential stuffing,” hackers take usernames and passwords from data breaches elsewhere and attempt to break into other accounts. That’s possible because many people use the same usernames and passwords with numerous online accounts.
Besides changing passwords, the company is encouraging customers to enable two-factor authentication, which adds an additional step of making anyone trying to access an account enter a security code that is sent to the account holder via text message.
Ring doesn’t require users to do so, however. Ring’s head of communications, Yassi Shahmiri, declined to comment on why Ring doesn’t require the use of two-factor authentication.
Passwords & Firmware 101
Online privacy and security are huge issues facing a lot of people today. On the "Consumer 101" TV show, Consumer Reports expert Maria Rerecich explains why it's not just phones and computers that people should be concerned about.