A security researcher has found 1,562 unique email IDs and passwords on the dark web that are associated with Ring doorbell passwords.
This list was uploaded to an anonymous dark web text-sharing site that shares stolen data and other unlawful activities. A security researcher found this data which can be used to access the cameras. It can also be used to find the time zone and location of the doorbell.
Amazon, which owns the Ring brand was informed with the data by the researcher. Amazon has asked the researcher to not expose the data.
It is the second data leak on the Ring credentials. Earlier on Thursday Buzzfeed had reported similar content with not less than 3600 users’ login IDs and passwords of Ring customers. The reported data appears to be similar to that of the data reported by Buzzfeed.
With these credentials, anyone with a working email can access the Ring customers’ accounts and get some details like the address, phone number, and some payment information. The credentials also can be used to access Ring customers’ cameras and can get their video data if the setting is enabled by the customer.
However, it is not known how the data had been leaked. Ring’s spokesperson Yassi Shahmiri didn’t respond to the data breach but the doorbell maker said it didn’t leak the data. But still, Ring didn’t provide proof of its innocence.
Techcrunch verified the details with some of the owners who confirmed the details were theirs. They were advised to change their passwords and some even went with two-step authentication.
The passwords were relatively easy to guess. It is believed that the passwords were exposed with a technique called password spraying, which Hackers use to find out passwords, or they use the already hacked data on different websites to match them.
This is the latest security breach involving Ring security cameras last week. News reports erupted around the US showing how the hackers were able to access the Ring security cameras.
Ring cameras have poor quality security features, they do not tell the users when someone login to their accounts, confirmed Motherboard. It also said that Ring cameras have a weak two-step authentication system.
While Ring blamed the users for not using good security practices, the users slammed it for not setting up basic security features to keep them safe.
The Ring was criticized for its close relationship with law enforcement agencies around the U.S.
However, it is still unknown how many more data credentials are breached and are exposed online. Users are advised to secure their accounts with unique passwords and also are suggested to use two-step authentication to keep away from these threats.