- An eight-year-old girl was terrorized after a hacker gained access to a Ring security camera installed in her bedroom.
- Ring maintains that there was no hack of its platform. Instead, a spokesperson attributed the incident to a third-party data breach.
- The lesson? Don't reuse your passwords across websites, don't share them, and set up two-factor authentication to avoid this kind of harassment.
Imagine entering your bedroom, hearing the creepy Tiny Tim song "Tiptoe Through the Tulips," and then meeting a strange, disembodied voice that tells you to call your mother racial slurs or mess up your room. Oh yeah, and the voice says that you're best friends. And it's actually Santa Claus who's talking to you. All of this, by the way, happens through a Ring home security system.
This sounds bonkers, but it's actually only a fraction of what happened to eight-year-old Alyssa LeMay when she noticed the blue light blinking on the Ring security camera installed in her room–meaning someone was watching her.
"I was down the street when my husband messaged me, asking if I had been messing with the girls with the Ring," Alyssa's mother, Ashley LeMay, told BuzzFeed News. "I started watching the video on my phone and when I heard his voice and realized it was not my husband's voice my heart just dropped and I ran back to the house."
The December 4 incident is disturbing in its own right, but it's also terrifying for two other reasons: This isn't an isolated occurrence, as there have been other instances of Ring hackers gaining access to feeds of peoples' homes, and Ring seems to have no idea what's going on—or is playing dumb.
Ashley LeMay immediately called Amazon-owned Ring after she watched the full 10-minute recording of the hacker's interaction with her daughter. Then, the next day, the family left for a cruise they had already planned. On December 6, two days after the initial interaction, Ring sent Ashley an email that said the company had detected "unusual activity" on their account. On December 9, she spoke to a Ring employee who told her that the family account had not been hacked, and that it was a data breach from a third party that was at fault.
Ring told BuzzFeed News its security team investigated this incident and found "no evidence of an unauthorized intrusion or compromise of Ring’s systems or network."
According to the company's statement, some users' credentials, including their usernames and passwords, had been acquired through a separate non-Ring service. As a result, non-secure passwords, reused across websites, left some Ring accounts vulnerable.
"Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts," a company spokesperson said.
How to Keep Hackers Out of Your Ring Cameras
Use Two-Factor Authentication
Two-factor authentication, the kind-of-annoying but totally necessary feature of many online accounts, forces you to not only choose a secure password, but also a second method of verification, like a phone call, text message, email or fingerprint. Be sure to enable this setting on your account (it's not a default) to keep potential hackers at bay.
Don't Reuse Passwords
Based on the comments from the Ring spokesperson who noted reused passwords in one place can be leaked and then applied to other accounts, it's a good idea to make sure your Ring account password doesn't match your credit card or electric provider passwords, for instance. If one of those other accounts becomes vulnerable, hackers can and will try to apply that username/password combo to a number of other sites, including the Ring app.
Don't Share Passwords
This is basically computers 101 from elementary school, but we do take this one for granted: Don’t share your Ring login with anyone else. That doesn't mean you should develop trust issues overnight, but it's better to add friends and family as shared users rather than giving out your login information. And make sure that those users have secure passwords, too!
