It was recently reported that hackers had broken into a Ring account and taken control of a Ring camera, speaking to a young girl in her room and playing a song for her. The latest development is that about 1562 emails and passwords tied to Ring accounts have been spotted for sale on the dark web. According to the researchers, the Ring doorbell passwords were uploaded to a dark web text sharing website on Tuesday.
The text sharing site is dedicated to posting stolen passwords and other sensitive information for sale. The security researcher discovered the cache of passwords during his routine activity on the dark web. According to the research, these passwords give criminals complete control over the Ring camera, as well as access to the owner's time zone and doorbell location.
The researcher reported the incident to Amazon, the owner of the Ring brand. Amazon, however, asked the security researcher not to publicly announce the leaked Ring doorbell passwords. Ring has had multiple attacks on its product, with users raising concerns about their safety. In addition to the recent attack, another report claims that another set of Ring credentials has been spotted on the dark web.
According to that report, over 3600 Ring doorbell passwords were spotted on the dark web. Most of the spotted Ring doorbell passwords were working, and criminals who obtain them can log in to the Ring account and access the customer's information, including address, number, and financial information. Some of this information can put the victims at risk of identity theft. With it, a criminal can also get access to the Ring camera at home and even watch historical video data.
In the previously reported Ring doorbell password leak, the company's spokesperson stated that its security system had not been breached, attributing the leaked passwords to users' refusal to set up two-factor authentication.
TechCrunch reviewed some of the Ring doorbell passwords at its disposal and observed that most of them were relatively simple and easy to guess. In this case, hackers might have used credential stuffing and password spraying to guess the passwords. In credential stuffing, hackers take usernames and passwords exposed in a previous data breach, try them against other websites, and take control of any account they manage to access.
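From the defender's side, the two techniques named above leave different traces in login records: credential stuffing shows one source trying a different password for each account, while password spraying shows the same few passwords tried across many accounts. The following is an added example, not code from Ring or from the original article; the event format, the password fingerprint field (assumed to be a keyed hash logged by the login service) and the thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed login events: (source_ip, account, password_fingerprint, success).
# password_fingerprint is assumed to be a keyed hash recorded by the login
# service so attempts can be compared without storing the password itself.
EVENTS = [
    ("203.0.113.10", "alice", "fp-a1", True),
    ("203.0.113.10", "bob",   "fp-b7", False),
    ("203.0.113.10", "carol", "fp-c3", False),
    ("203.0.113.10", "dave",  "fp-d9", False),
    ("203.0.113.10", "erin",  "fp-e2", False),
    ("198.51.100.7", "alice", "fp-s1", False),
    ("198.51.100.7", "bob",   "fp-s1", False),
    ("198.51.100.7", "carol", "fp-s1", False),
    ("198.51.100.7", "dave",  "fp-s1", True),
    ("198.51.100.7", "erin",  "fp-s1", False),
    ("192.0.2.44",   "bob",   "fp-b0", False),
    ("192.0.2.44",   "bob",   "fp-b1", True),
]

def classify_sources(events, min_accounts=4, min_failure_ratio=0.5):
    """Label each source IP as 'stuffing', 'spraying' or 'normal'."""
    per_ip = defaultdict(list)
    for ip, account, fingerprint, ok in events:
        per_ip[ip].append((account, fingerprint, ok))
    verdicts = {}
    for ip, attempts in per_ip.items():
        accounts = {a for a, _, _ in attempts}
        fingerprints = {f for _, f, _ in attempts}
        failures = sum(1 for _, _, ok in attempts if not ok)
        if len(accounts) < min_accounts or failures / len(attempts) < min_failure_ratio:
            verdicts[ip] = "normal"      # few accounts touched, or mostly successful
        elif len(fingerprints) * 2 <= len(accounts):
            verdicts[ip] = "spraying"    # few passwords reused across many accounts
        else:
            verdicts[ip] = "stuffing"    # a different password per account (breach pairs)
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts where a flagged source logged in successfully."""
    return sorted({acct for ip, acct, _, ok in events
                   if ok and verdicts[ip] != "normal"})

if __name__ == "__main__":
    verdicts = classify_sources(EVENTS)
    print(verdicts)
    print(accounts_to_reset(EVENTS, verdicts))
```

The accounts returned by `accounts_to_reset` are the ones that need a forced password change and a notification to the owner.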
The users whose Ring doorbell passwords were exposed were contacted and presented with the passwords, and they confirmed them to be correct. They were then advised to change their Ring doorbell passwords and set up two-factor authentication to secure their accounts.
Ring spokesperson Yassi Shamiri, when contacted, stated that all customers whose accounts have been exposed have been alerted and asked to change their passwords. He further reported that the company is still monitoring for accounts that have been accessed without authorization in order to block them. However, the known affected users contacted by TechCrunch have denied the Ring spokesperson's statement that they have been contacted.
A critical look at Ring's security measures following the recent reports of password leaks reveals poor security practices. According to the report, Ring does not alert users when a new user logs in, nor does it alert them when their camera is being actively watched. The company has also been accused of using a weak form of two-factor authentication, making it easy for hackers to breach.
Regardless of the poor security measures practiced by Ring, users can protect themselves by using a stronger password, setting up two-factor authentication, and adding new users to the account instead of sharing the account credentials with them. It has been reported earlier that hackers are fully equipped with all the tools and methods needed to crack passwords. It is therefore advisable not to make their operation easy by paying too little attention to cybersecurity and the basic measures that counter their efforts.