X

Thousands of Ring owners had personal info exposed in data leak, report says

Ring disputes the claim, saying it hasn't suffered a data breach.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
See full bio
Carrie Mihalcik
2 min read
ring-stick-up-camera-amazon-event-1
Ben Fox Rubin/CNET

Thousands of people who use Ring cameras reportedly had their personal information exposed this week. The log-in credentials for 3,672 Ring owners were compromised in a data leak, exposing emails, passwords, time zones and the names given to specific Ring cameras, according to a report Thursday from BuzzFeed News

In a statement Thursday, Ring said it hasn't fallen victim  a data breach, adding that it's not uncommon for bad actors to harvest data from "other company's data breaches" and create lists of credentials that could be used in attempts to gain access to other services. 

"Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring's systems or network," said a Ring spokesperson.

Ring said it's also notifying customers whose accounts have been identified as exposed and resetting their passwords. The Amazon-owned company also said it encourages all customers to enable two-factor authentication to secure their accounts.

With the info in the data leak, hackers could access a Ring customer's home address, telephone number and payment information, according to BuzzFeed News. They could also reportedly access live video from active Ring cameras associated with an account. 

BuzzFeed said it verified the leak by "confirming the exposed information with four individuals whose log-ins were compromised." A security expert told BuzzFeed News that the format of the data suggests it may've been taken from a company database rather than obtained by credential stuffing, which is when previously exposed email and password combinations are used to gain access to other accounts. 

This comes as reports have rolled in around the country about hackers logging into Ring cameras and harassing people in their homes. Ring has also said those hacks didn't affect its corporate systems and are a result of customers reusing passwords that were stolen in other security breaches.

Ring is also facing mounting privacy concerns for helping police build a surveillance network with its smart doorbells. Police departments that partnered with Ring had access for more than a year to a map outlining where the video doorbells were installed. That feature was removed in July.

Originally published Dec. 19, 12:41 p.m. PT.
Update, 1:21 p.m.: Adds more background on Ring.