A security researcher has discovered 1,562 unique email addresses and passwords of Ring doorbell users on the dark web.
The list of passwords was recently uploaded to an anonymous text-sharing site on the dark web that is commonly used by cybercriminals to share stolen passwords and other illicit materials.
By using the email addresses and passwords of Ring users on the site, an attacker can log in to and access users' cameras as well as their time zone and the doorbell's location.
The researcher reported their findings to Amazon, which owns Ring, but the company asked them not to discuss their findings publicly.
BuzzFeed News recently reported that a similar cache of 3,600 Ring user credentials was posted online, and this data appears to be similar to the collection of user data discovered by the security researcher.
Anyone with access to a working email address and password can log into a user's Ring account to obtain their physical address, phone number and some payment information. With these credentials, an attacker can also access a user's historical video data if the setting is enabled.
After reviewing some of the credentials on the dark web text-sharing site, TechCrunch found that most of the passwords it reviewed were relatively simple and could be easy for an attacker to guess. However, it is also possible that the passwords were obtained by credential stuffing, where cybercriminals use usernames and passwords from past data breaches to try to access users' other accounts.
If you have a Ring doorbell or camera in your home, it is recommended that you update your password and enable two-factor authentication for your account.
Via TechCrunch