Ring says users account credentials were swiped by cybercriminals

Updated: Dec. 16, 2019 at 6:25 PM CST
Email This Link
Share on Pinterest
Share on LinkedIn

MEMPHIS, Tenn. (WMC) - Thousands of Ring customers got an explanation over the weekend after a Mid-South family’s hacked camera caught international attention. In an email Ring told its users the company now believes customer account credentials like usernames and passwords were swiped from an external, non-Ring service.

The same conclusion cybersecurity expert, Jeff Horton came to when we connected him with hacked Mid-South mom Ashley LeMay.

LeMay said her situation has gotten the attention of Ring along with additional investigators.

The chilling video has been seen and shared by millions across the world.

Tech website Vice-Motherboard points to a live-streamed podcast, which told its listeners how to take over people’s Ring and Nest cameras even how to use the cameras to taunt and harass the owners.

“We found out that this was most likely because of a podcast and this was live-streamed to hundreds, some reports even say thousands of people at a time,” said LeMay.

Friday, LeMay said Ring’s Chief Operating Officer, Jon Irwin called her apologizing for the terrorizing intrusion. LeMay also said Ring’s COO promised that the company will change its policy to be by default cause its users to be signed up for the two-factor authentication, the added level of security protection.

“They did say that it was actually our Ring account that did get hacked. It wasn’t necessarily the Ring system that got hacked, but it was our ring account,” she said.

“It took me about an hour to go through the resources that I have and piece together exactly what happened, I think," said Jeff Horton, who runs a cybersecurity company.

He found Ashley’s email and username likely ended up on a list that was sold to cybercriminals who then used that information to hack into Ring accounts.

“I just took her email address ran it through the database and came up with a few matches,” said Horton.

Horton also performed a vulnerability test on the LeMay’s wireless network. It checked out to be secure with a strong password protection.

New added safeguards are in place at the LeMay home to stop another hack.

Here are some take always from our cybersecurity expert: Know that anything connected to the internet can be hacked, always use the two-factor authentication when offered, and do not reuse passwords.

You can also check to see if your email address has been compromised here.

Copyright 2019 WMC. All rights reserved.