Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

Please Support Common Dreams This #GivingTuesday

Our coverage of the climate emergency, Covid-19, and rising authoritarianism have intensified over the last two years. But our expenses during the pandemic have gone up as well. This has been one of the toughest years we’ve ever faced. Though our content is free to all, less than 1% of our readers ever make a donation. We're counting on you. Please support independent media today.

Please Help This #GivingTuesday -- Though our content is free to all, less than 1% of our readers give. We’re counting on you. Please help Common Dreams end the year strong.

A "Ring Stick Up Cam" is pictured at the Amazon Headquarters on September 20, 2018 in Seattle.

A "Ring Stick Up Cam" is pictured at the Amazon Headquarters on September 20, 2018 in Seattle. (Photo: Stephen Brashear/Getty Images)

Just Two Days After Product Warning Issued for Amazon Ring, Reporting Reveals Data of 3,000 Users Leaked

"This gives a potential attacker access to view cameras in somebody's home in some of these cases—that's a real serious potential invasion of privacy right there."

Eoin Higgins

Reporting from BuzzFeed News on Thursday revealed the leak of personal information from 3,672 users of Amazon Ring, just two days after a coalition of groups led by privacy advocates Fight for the Future issued a product warning due to the surveillance camera doorbell's security and susceptibility to hackers.

"This gives a potential attacker access to view cameras in somebody's home in some of these cases," Electronic Frontier Foundation security researcher Cooper Quintin told BuzzFeed News, "that's a real serious potential invasion of privacy right there."

Ring reportedly sent a security alert to customers recommending they change passwords.

According to BuzzFeed News

Security experts told BuzzFeed News that the format of the leaked data—which includes username, password, camera name, and time zone in a standardized format—suggests it was taken from a company database. They said data obtained via credential stuffing—when previously-compromised emails and passwords are used to get access to other accounts—would likely not display RIng-specific data like camera names or time zone.

After the reporting's publication Thursday, New York Times product review vertical Wirecutter announced on Twitter that it would no longer recommend Ring and urged customers with the device to take extensive security measures. 

"In light of recent reports about the security of Ring devices, we're suspending our recommendation of Ring products and updating affected guides as soon as possible," tweeted Wirecutter. "Ring owners should turn on 2FA and update their passwords with a new, previously unused one."

"Amazon is not taking the steps necessary to protect their users," Fight for the Future chief technology officer Ken Mickles said in a statement.

In a statement to BuzzFeed News, Ring denied there was a "data breach" and pinned the blame for the leak on "bad actors."

Also on Thursday, TechCrunch reported that there is a separate cache of over 1,500 Ring passwords on the so-called dark web. 

"The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site, commonly used to share stolen passwords and illicit materials," according to TechCrunch. "A security researcher found the cache of email addresses and passwords, which can be used to log in to and access the cameras, as well as their time zone and the doorbell's location, such as 'driveway' or 'front door.'"

Fight for the Future's product warning detailed the concerns over the technology's vulnerability to hackers and other malicious actors:

Last week, a man hacked into a Ring camera to watch an 8 year old girl and speak to her. He introduced himself as Santa Claus and then proceeded to have a conversation with the young girl through a Ring camera her parents had installed in her bedroom. Since this chilling incident, there have been new reports daily of other users and their families being harassed by hackers who've broken into their Ring devices.

This isn't an isolated incident. Multiple security issues with Ring products, which already raised significant privacy and civil liberties concerns, have been reported over the past several months. Amazon’s Ring doorbells leaked user's Wi-Fi passwords. Ring's Neighbors app discloses users' home addresses. In response to Senate inquiry, Amazon acknowledge they have no safeguards in place to protect users' footage when shared with 3rd parties. 

It's not the first controversy for the camera. Ring has been linked to worrying trends in the connection between tech companies and law enforcement, including agreements the company makes with police departments around the country that reportedly do not allow law enforcement officials to disclose.

"There have been a number of pretty stunning breaches with Ring devices in the last few weeks, and it seems to me like Ring is more interested in making friends with and providing information to police than it is in actually protecting its customers' security," said Electronic Frontier Foundation's Quintin.

"For too long, we've been sold a false choice between privacy and security," wrote Evan Greer, campaign director for Fight for the Future, in an opinion piece Tuesday. "It's more clear every day that more surveillance does not mean more safety, especially for the most vulnerable."

"Talk to your family and friends and encourage them to do their research before putting any private company's surveillance devices on your door or in your home," Greer continued. "In the end, companies like Amazon and Google don't care about keeping our communities safe; they care about making money."

Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.

... We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.

Iran Says US Must Lift 'Tyrannical and Illegal' Sanctions to Return to Nuclear Deal

"The Islamic Republic of Iran has entered the talks with a strong will and elaborate preparations in order to ensure the removal of unlawful and cruel sanctions."

Jake Johnson ·

2.5 Million Nurses Demand UN Probe Into 'Covid-19 Criminals' Blocking Patent Waiver

The European Union, the United Kingdom, Switzerland, Norway, and Singapore "must be investigated for blocking a faster global vaccine rollout leading to the loss of countless lives."

Jake Johnson ·

WHO, South Africa Urge Nations to Lift 'Naive' Omicron Travel Bans

"The only thing the prohibition on travel will do is to further damage the economies of the affected countries and undermine their ability to respond to, and recover from, the pandemic."

Brett Wilkins ·

EU Joins Rights Group in Condemning Israel's 'Day of Destruction' of Palestinian Homes

"Demolitions are illegal under international law and significantly undermine the prospects for peace."

Brett Wilkins ·

GOP 'Silence Speaks Volumes,' Says Ilhan Omar as Boebert's Bigotry Goes Unpunished

"Normalizing this bigotry not only endangers my life but the lives of all Muslims. Anti-Muslim bigotry has no place in Congress."

Brett Wilkins ·

Support our work.

We are independent, non-profit, advertising-free and 100% reader supported.

Subscribe to our newsletter.

Quality journalism. Progressive values.
Direct to your inbox.

Subscribe to our Newsletter.

Common Dreams, Inc. Founded 1997. Registered 501(c3) Non-Profit | Privacy Policy
Common Dreams Logo