Fraud Management & Cybercrime
A System Error Fueled Ring’s Login Issues Wednesday Despite Tweets to the Contrary
Amazon pushed back Wednesday on social media buzz that hackers penetrated the network of home surveillance device Ring, attributing consumer logon errors to a backend system error made during a routine system update.
Security researcher Kevin Beaumont tweeted a screenshot of a self-desrcibed Ring user who has 34 followers and who wrote “@ring, my account was hacked and I can’t recover my account the hacker is making vulgar comments towards me and my neighbors through the door bell.”
The user, Aaron Manville, responded to an online comment four minutes later, stating, “I believe they are hacked someone has been making vulgar and nasty comments towards me and my neighbors through my door bell camera.” Ring also responded to Manville’s original tweet asking him to send the Amazon subsidiary a direct message with additional details.
See Also: Now OnDemand | C-Suite Round-up: Connecting the Dots Between OT and Identity
A Ring spokesperson told ISMG that as of late afternoon Wednesday, the company has unable to confirm if Manville is a customer.
It is true that some users were unable to log into their accounts, the spokesperson acknowledged. The service interruption didn’t stem from a hack and has been resolved, the company says.
Ring’s Security Practices in the Crosshairs
If hackers did manage to get inside a Ring device today, it wouldn’t be the first time. The Washington Post reported in 2019 that several Ring users reported their systems had been infiltrated by hackers who harassed them through the camera’s two-way talk feature, including a man who repeatedly directed racial slurs at an 8-year-old via a Ring in her bedroom.
A spokesperson for Ring told The Post at the time that what happened to the girl didn’t stem from a breach or compromise of Ring’s security. Instead, the bad actors re-used credentials stolen or leaked from other services. That’s the same explanation Ring provided in December 2019 after hackers told a Texas couple to pay a ransom or “get terminated.”
That same month, Motherboard found that Ring’s software did not implement basic security features, allowing the publication to access a Ring account from IP addresses based in multiple countries without warning the user. In response, Ring encouraged its users to follow security best practices to ensure their account stays secure.
In early 2020, Ring began mandating the use of multifactor authentication for all users to help stop the takeover of the web-connected home security cameras. At the same time, the company launched a Control Center to help users see if they have multifactor authentication enabled, what devices are connected to their accounts, and what third-party services have access.