The Federal Trade Commission is refunding users of Ring smart cams over charges the Amazon-owned company allowed employees and contractors to access consumers’ private videos and failed to implement security protections.
In a complaint first announced in May 2023, the FTC alleged that Ring deceived its customers by failing to restrict its employees and contractors from accessing customer videos, using those videos to train algorithms without customers’ consent, and failing to implement safeguards – like multi-factor authentication. These practices, according to the complaint, “led to egregious violations of users’ privacy.”
For example, investigators found that one employee had viewed thousands of video recordings of female users of Ring cameras that watched over intimate spaces in their homes, such as their bathrooms or bedrooms. The employee had been at it for months and was only stopped when another employee discovered the misconduct.
“Even after Ring imposed restrictions on who could access customers’ videos, the company wasn’t able to determine how many other employees inappropriately accessed private videos because Ring failed to implement basic measures to monitor and detect employees’ video access,” reads the original complaint.
Ring also failed to take steps until January 2018 to adequately notify customers or obtain their consent for extensive human review of private video recordings for purposes such as training algorithms.
The company also failed to implement standard security measures to protect consumers from “credential stuffing” and “brute force” attacks, which enable hackers to use stolen or leaked login information to access existing user-accounts that lack an additional layer of security (multi-factor authentication / two-factor authentication).
As a result of this oversight, Ring customers suffered multiple hacker attacks from 2017 to 2018. Ring only enforced multifactor authentication in 2019.
“Even then, Ring’s sloppy implementation of the additional security measures hampered their effectiveness,” the FTC said.
“Bad actors not only viewed some customers’ videos but also used Ring cameras’ two-way functionality to harass, threaten, and insult consumers—including elderly individuals and children—whose rooms were monitored by Ring cameras, and to change important device settings,” the FTC said.
The FTC is now sending 117,044 PayPal payments, totaling $5.6 million, to consumers who had Ring devices, such as indoor cameras, during periods when the FTC alleges unauthorized users may have had access to customer videos. Consumers who received the notice are told to redeem their PayPal payment within 30 days.
In 2019, Bitdefender researchers discovered an issue in the Ring Video Doorbell Pro that allowed an attacker physically near the device to hack the owner’s Wi-Fi network and mount a larger attack against the household network.
Password management remains one of consumers’ weakest points, as we reveal in the Bitdefender 2024 Consumer Cybersecurity Assessment Report. 37% of netizens write down their passwords, 18.7% use the same password for three or more accounts, and 15.8% use the same password for at least two accounts.
Bitdefender strongly recommends using unique complex passwords for every one of your online accounts.
If in doubt, start the password reset flow yourself, set an all-new complex password, and avoid using SMS for multi-factor authentication. Instead, use a trusted Authenticator app.
Bitdefender Digital Identity Protection lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024