Thousands of passwords associated with Ring doorbell have been found on the dark web.
Buzzfeed News first reported the data leak, which exposed the login credentials of 3,672 Ring Cameras, including emails, passwords, time zones, as well as, the names given to specific Ring cameras. Then, later in the day, TechCrunch reported that over 1,500 emails, passwords, time zones, and camera’s named location had been found on the dark web.
However, TechCrunch said its data “appears to be a similar-looking data set to that which [BuzzFeed News] obtained.”
Last week, the internet was buzzing with various reports of hackers harassing people in their homes after accessing their Ring devices.
In response, Ring released a statement blaming credential stuffing for the rise in user attacks, saying:
“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”
The company even went as far as blaming its customers for reusing passwords and not turning on two-factor authentication.
Today’s reports, however, show that when it comes to security concerns, Ring needs to look a little closer to home.
Even worse, TechCrunch said, the security researcher who discovered the leaked credentials reported the findings to Amazon — the owner of the Ring brand — “but Amazon asked that the researcher not discuss their findings publicly.”
As of now, it’s not clear how the data was exposed.