Amazon’s home security business, Ring, landed in more hot water Thursday when researchers discovered thousands of user passwords had been uploaded to sites on the dark web.
Some 1,500 unique email addresses and passwords were exposed, according to a TechCrunch report. Just hours earlier, BuzzFeed News reported on the exposure of credentials from 3,600 owners of Ring devices.
The compromised credentials included log-in emails, passwords, and in some cases the locations of Ring cameras inside homes.
Ring provided this statement to GeekWire in response to the reports:
Ring has not had a data breach. Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network. It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services.
We’ve notified customers whose accounts we have identified as exposed and have reset their passwords. In addition, we are continuing to monitor for and block potentially unauthorized login attempts into Ring accounts.
We’ve also contacted all Ring customers, encouraging them to enable two-factor authentication, change their passwords, and follow these important best practices for keeping their accounts secure.
Last week reports surfaced of hackers infiltrating Ring security cameras and harassing children. Ring attributed the hacks to password reuse. Consumer advocacy groups issued a “product warning” on Wednesday urging people not to purchase Ring’s smart doorbells and security cameras.
