Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

A "Ring Stick Up Cam" is pictured at the Amazon Headquarters on September 20, 2018 in Seattle.

A "Ring Stick Up Cam" is pictured at the Amazon Headquarters on September 20, 2018 in Seattle. (Photo: Stephen Brashear/Getty Images)

Just Two Days After Product Warning Issued for Amazon Ring, Reporting Reveals Data of 3,000 Users Leaked

"This gives a potential attacker access to view cameras in somebody's home in some of these cases—that's a real serious potential invasion of privacy right there."

Eoin Higgins

Reporting from BuzzFeed News on Thursday revealed the leak of personal information from 3,672 users of Amazon Ring, just two days after a coalition of groups led by privacy advocates Fight for the Future issued a product warning due to the surveillance camera doorbell's security and susceptibility to hackers.

"This gives a potential attacker access to view cameras in somebody's home in some of these cases," Electronic Frontier Foundation security researcher Cooper Quintin told BuzzFeed News, "that's a real serious potential invasion of privacy right there."

Ring reportedly sent a security alert to customers recommending they change passwords.

According to BuzzFeed News

Security experts told BuzzFeed News that the format of the leaked data—which includes username, password, camera name, and time zone in a standardized format—suggests it was taken from a company database. They said data obtained via credential stuffing—when previously-compromised emails and passwords are used to get access to other accounts—would likely not display RIng-specific data like camera names or time zone.

After the reporting's publication Thursday, New York Times product review vertical Wirecutter announced on Twitter that it would no longer recommend Ring and urged customers with the device to take extensive security measures. 

"In light of recent reports about the security of Ring devices, we're suspending our recommendation of Ring products and updating affected guides as soon as possible," tweeted Wirecutter. "Ring owners should turn on 2FA and update their passwords with a new, previously unused one."

"Amazon is not taking the steps necessary to protect their users," Fight for the Future chief technology officer Ken Mickles said in a statement.

In a statement to BuzzFeed News, Ring denied there was a "data breach" and pinned the blame for the leak on "bad actors."

Also on Thursday, TechCrunch reported that there is a separate cache of over 1,500 Ring passwords on the so-called dark web. 

"The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site, commonly used to share stolen passwords and illicit materials," according to TechCrunch. "A security researcher found the cache of email addresses and passwords, which can be used to log in to and access the cameras, as well as their time zone and the doorbell's location, such as 'driveway' or 'front door.'"

Fight for the Future's product warning detailed the concerns over the technology's vulnerability to hackers and other malicious actors:

Last week, a man hacked into a Ring camera to watch an 8 year old girl and speak to her. He introduced himself as Santa Claus and then proceeded to have a conversation with the young girl through a Ring camera her parents had installed in her bedroom. Since this chilling incident, there have been new reports daily of other users and their families being harassed by hackers who've broken into their Ring devices.

This isn't an isolated incident. Multiple security issues with Ring products, which already raised significant privacy and civil liberties concerns, have been reported over the past several months. Amazon’s Ring doorbells leaked user's Wi-Fi passwords. Ring's Neighbors app discloses users' home addresses. In response to Senate inquiry, Amazon acknowledge they have no safeguards in place to protect users' footage when shared with 3rd parties. 

It's not the first controversy for the camera. Ring has been linked to worrying trends in the connection between tech companies and law enforcement, including agreements the company makes with police departments around the country that reportedly do not allow law enforcement officials to disclose.

"There have been a number of pretty stunning breaches with Ring devices in the last few weeks, and it seems to me like Ring is more interested in making friends with and providing information to police than it is in actually protecting its customers' security," said Electronic Frontier Foundation's Quintin.

"For too long, we've been sold a false choice between privacy and security," wrote Evan Greer, campaign director for Fight for the Future, in an opinion piece Tuesday. "It's more clear every day that more surveillance does not mean more safety, especially for the most vulnerable."

"Talk to your family and friends and encourage them to do their research before putting any private company's surveillance devices on your door or in your home," Greer continued. "In the end, companies like Amazon and Google don't care about keeping our communities safe; they care about making money."

Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.

We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.

US Progressives Express Solidarity With Iranian Protesters After Death of Mahsa Amini

"The right to choose belongs to us all, from hijabs to reproductive care," said Rep. Alexandria Ocasio-Cortez.

Julia Conley ·

Critics of Louisiana LNG Project 'Hopeful' as Huge Sales Contracts Canceled

"The fight is not over," says one activist, but "from tax breaks to pollution and now to these recent financial downswings, we have all the evidence we need to understand that Driftwood will be a parasite."

Jessica Corbett ·

DHS Officials Urge Biden to End 'Disastrous Leadership' of Embattled IG

In an anonymous letter, the Homeland Security staffers say Inspector General Joseph Cuffari's actions "embarrass the entire agency."

Brett Wilkins ·

'Big Climate Win': California to Ban Sale of Gas Heaters and Furnaces by 2030

"This is the first state to do it," noted one advocate. "Who's next?"

Brett Wilkins ·

44 House Democrats Push Biden DOJ to Investigate DeSantis Over 'Cruel Migrant Flights'

"The actions of the officials in Texas and Florida were not only fundamentally cruel and uniquely un-American; there remains a likelihood that federal laws were violated."

Jake Johnson ·

Common Dreams Logo