Amazon and Ring Admit Employees Have Tried to Access Customers' Private Videos (UPDATE)
Revealed in an obtained letter to five U.S. Senators.
UPDATE: Amazon-owned Ring admitted in a response letter to five U.S. Senators that an unspecified, but a small number of its employees have attempted to inappropriately access customers’ home surveillance videos. Originally obtained and published by Motherboard, the letter sees the company acknowledge four internal reports about accessing customer’s him surveillance.
“Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data,” reads the letter. “Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions.”
The letter came in response to a host of questions from Senators Ron Wyden, Chris Van Hollen, Edward Markey, Christopher Coons, and Gary Peters in November of last year about privacy concerns. When Mashable attempted to question Ring and Amazon about exactly how many employees attempted inappropriate access and how many were actually successful, a spokesperson responded: “We do not comment on personnel matters.”
According to The Washington Post, Brian Huseman, a vice president of public policy at Amazon stated the company investigated four complaints in which employees “exceeded what was necessary for their job functions,” and those linked to the incidents have been terminated.
Ring, Amazon’s maker of doorbell and in-home cameras, has fired employees after four complaints of improperly accessing customer video data. Who were they? What did they look at? Were the customers told what happened? Ring won’t say https://t.co/BASO4I6GCh
— Drew Harwell (@drewharwell) January 9, 2020
Original Update (December 30, 2019): Mere days after reports broke about the hacking concerns levied against Ring, a home surveillance company owned by Amazon, a Alabama family has filed a lawsuit against Ringfor charges related to cyber attacks. Specifically, as TMZ reports, the complaint alleges that Amazon and Ring were lax in “[protecting] against cyber-attack” and thus violated the “implied contract” written on Ring’s privacy page explaining customers’ security rights.
The complaint, filed in the Central District of California on December 26, alleges that a hacker spoke to the children of the man filing the complaint via the Ring security camera, attempting to lure them closer to the device. “The ramifications of Defendant’s failure to properly secure their cameras and attendant access protocols may be felt for years to come,” continues the complaint. “As a result of the Defendants’ actions, Plaintiff and Class Members have been damages and can no longer trust the integrity of the Ring cameras or believe in security it claims to provide.”
“Ring does not comment on legal matters,” a Ring spokesperson told to Buzzfeed News, which broke news of Ring’s data leaks. The most recent leak, which occurred earlier this month, compromised information from over 3,000 Ring users, including including emails and passwords. Criminals could use this data to access a Ring user’s payment details, home address, telephone number, 30-60 day video history and even live camera footage streamed directly from the cameras installed within and around each victim’s home.
Litigation has yet to begin, but the complaint includes a request that the lawsuit take on class action status, incorporating Ring owners across the country.
ORIGINAL STORY (December 13, 2019): There have been multiple occasions over the past few weeks where Amazon-owned Ring security camera users have reported aggressive hacks, where hackers verbally speak to those being surveilled and continue to watch them from a distance until the cameras are unplugged. Ring has issued a similar statement to all parties experiencing similar situations, but says the incidents are “in no way related to a breach or compromise of Ring’s security.”
One of the first incidents reported was a woman in Georgia who said that a man started speaking to her through her Ring camera while she was asleep in bed. In a video clip, the hacker can be heard shouting, “Wake up!” and “I can see you in the bed.” At another point in the video, he is heard calling to the couple’s puppy who was also in the room at the time. According to local Atlanta news outlet WSB-TV, the woman first believed her boyfriend was using the camera after she heard a cough over the speaker and saw the blue light turn on. However, her boyfriend was confused when she contacted him, and then a stranger’s voice started speaking to her.
Other people who have experienced similar cases include an eight-year-old girl in Mississippi, a couple in Texas whose lives were threatened unless they paid a bitcoin ransom, a man in Connecticut who discovered a stranger was communicating with his mother-in-law, and plenty more.
Ring’s statement below notes that part of the problem likely stems from its customers lack of password protection. It suggests all Ring camera users enable two-factor authentication in order to ensure a safe experience.
Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.
Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services. As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords.
Ring has investigated this incident and has taken appropriate actions to remove the bad actors from all affected accounts. All affected users have been contacted.
Elsewhere in tech, Google’s Interpreter Mode can now translate 44 languages in real time.
