Amazon's Ring camera owners compromised, over 3,500 email-passwords leaked
What's the story
It is a bad week for internet giants!
Only yesterday, a security researcher reported the discovery of a database containing over 26 crore leaked Facebook user IDs, phone numbers, and names.
And, now, in another scary case, a cache of more than 3,500 log-in credentials for Amazon's Ring cameras have been exposed online.
Here's all you need to know about it.
Leak
3,672 Ring camera emails, passwords posted online
The database, first reported by BuzzFeed News, contained information on as many as 3,672 Ring camera owners.
This included a range of data, including their unique email addresses, passwords, time zones, and the names given to specific cameras (like kitchen or front door).
Notably, TechCrunch also reported the discovery of a similar-looking database, albeit with just 1,562 records, on a dark web text-sharing site.
Threat
This poses a major threat to security of Ring owners
While TechCrunch's database also had email-password combinations, it remains unclear if the records in it are exactly similar to those reported by BuzzFeed.
Either way, the data in question is extremely critical, as a threat actor could use it to log into Ring owners' accounts and access the live camera footage, historical recordings or other information like home address, phone number, and payment data.
Reason
No word on how this information was exposed
So far, there's no evidence indicating when or how Ring camera owners' log-in credentials were exposed.
The Amazon-owned company, on its part, has distanced itself saying that there was no breach on its side.
"Ring has not had a data breach," it said. "Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring's systems."
Information
Ring: Perhaps, it is information from some other company's breach
"It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services," the company added while throwing the blame for the leak around.
Notification
Still, the company is notifying some affected users
Amazon emphasized that its security hasn't been breached but also accepted that some of its customers have been exposed.
In a statement to The Verge, the company said it is notifying the affected users and resetting their passwords as a precautionary step.
However, the weird thing is, not every individual whose records were exposed received the security alert from Ring.
Recommendation
Enable two-factor authentication for account security
As it remains unclear how this information was exposed, we'd recommend upgrading the security of your Ring account by enabling two-factor authentication and choosing a password created by a reliable password manager.
With these steps, hackers won't be able to carry out brute force attacks, which is exactly what, Amazon says, the email-passwords combinations from 'other company's data breaches' have been shared for.