More than 3,000 Ring customers’ credentials were compromised in a recently announced Ring doorbell data leak. However, according to sources from the company, there has been no data breach or attack on the company’s systems. What’s at stake, and how did it happen?
First, the compromised information from the Ring doorbell data leak includes some payment card information, email logins and passwords, locations and very specific names that the customers assigned to their Wi-Fi-enabled doorbell/camera combos. Ring, which is famous for its doorbell that lets users see, record and interact with someone who comes to their door, also makes interior cameras that are smartphone-controlled over Wi-Fi. These cameras were accessible to the criminals, even in real-time, once the credentials were stolen.
However, a company spokesperson said that Ring’s network and servers were not compromised, which leads to the possibility of credential stuffing being at the core of the Ring doorbell data leak. This happens when a username and password are stolen in an unrelated data breach, and then those credentials are cross-matched to other accounts. If the customer reused the old stolen email and password on their Ring account, that would give the thief access to it. It would also explain why an oddly specific number of accounts, 3,672 according to Buzzfeed, was accessed.
General password hygiene has been a hot topic for a long time, but the message is still not reaching all tech users. The need for strong, unique passwords has been shared, but unless tech users follow through by creating lengthy, seemingly random passwords that they only use on one account, they are simply not protected. Moreover, changing your passwords frequently is a great idea since a treasure trove of old login credentials could end up online or be discovered long after the fact. If you frequently change your password, it does not matter what kind of information a cybercriminal finds since it will no longer provide access to your account.
There is another concerning facet to the news of the Ring doorbell data leak, and that is the relaxed approach so many tech users have taken to internet-enabled invasions of privacy. While things like cameras and voice-activated home assistants are highly beneficial to a lot of people, there is simply no excuse for installing something like a camera that records your child’s bedroom and then not keeping it as secure as possible. A hacker with the right skillset can break into some of the world’s best defenses, but you do not have to make their job easier by failing to protect yourself. Password security is important at all times, but never more so than when your personal safety is on the line.
You might also like…