Hackers keep targeting Ring accounts.
Hackers have been publishing thousands of Ring camera account credentials on the dark web and forums frequented by cybercriminals, according to reports.
In some cases, hackers do it just for the laughs, “in the hopes that someone else would hack Ring users, hijack their accounts, play pranks, or record users in their homes,” according to a report at ZDNet.
These reports come after a Mississippi mom told Fox News that someone hacked her Ring surveillance cameras in her daughter’s bedroom and talked to her.
In an appearance on "Fox & Friends: Weekend" with host Rachel-Campos-Duffy, Ashley LeMay, who works overnight shifts as a nurse, urged the security company to have "more of a response because this is...happening to people all over."
Ring, which is owned by Amazon, said in a blog post on December 12 (and updated on December 18) that it was “made aware of an incident where malicious actors obtained some Ring users’ account credentials,” including usernames and passwords.
The criminals modus operandi is to steal credentials from a non-Ring service and then reuse those credentials to log into Ring accounts, according to the blog post.
That jibes with reports which call this technique “credentials stuffing" -- i.e., if the username and password is matched to a Ring account, hackers publish it online, according to ZDNet.
“Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts,” Ring said.
The company said it has taken “appropriate actions” to block bad actors from known affected Ring accounts and affected users have been contacted, adding that it is encouraging Ring customers to change their passwords and enable two-factor authentication.
One list published on hacker forums claimed to contain credentials for 100,000 Ring accounts. Ring told ZDNet that of the 100,000 credentials only 4,000 were for valid Ring accounts.
Ring urges users to make sure to use unique usernames and passwords for every account. One way to do this is by using password manager software.