3,000 Ring Doorbell and Camera Accounts May Be Vulnerable to Hackers

Daniel Wroclawski

Updated December 19, 2019 at 7:50 PM

Consumer Reports has no financial relationship with advertisers on this site.

Ring is urging more than 3,000 users to change their passwords and use two-factor authentication after reports surfaced that Ring login information may have been exposed online.

Having these usernames and passwords could allow bad actors to access someone’s Ring smartphone app and see live camera feeds and recordings, phone numbers, and home addresses.

A Ring spokesperson told Consumer Reports that the data exposure didn’t involve the company’s own system. There is “no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said.

Instead, the account information appears to have come from other data breaches. In a practice called “credential stuffing,” hackers take usernames and passwords from data breaches elsewhere and attempt to break into other accounts. That’s possible because many people use the same usernames and passwords with numerous online accounts.

Besides changing passwords, the company is encouraging customers to enable two-factor authentication, which adds an additional step of making anyone trying to access an account enter a security code that is sent to the account holder via text message.

Ring doesn’t require users to do so, however. Ring’s head of communications, Yassi Shahmiri, declined to comment on why Ring doesn’t require the use of two-factor authentication.

The set of stolen login information also came with other account information, such as the names of cameras and users’ timezones. “All that information is accessible if you have someone’s credentials,” Shahmiri said.

“If the bad actor that created the data set obtained credentials through credential stuffing, they could access that data easily, and they could have done so to verify the credentials work,” says Cody Feng, CR’s test engineer for privacy and security. “While we don’t know for certain, I would not call this a data leak based on the evidence we have.”

That’s why it’s important to use two-factor authentication.

"No matter how the data was exposed it is clear that Ring has not used reasonable security measures to protect their consumers' data,” says Katie McInnis, policy counsel for privacy and technology at CR Advocacy. “Even if the data was obtained through credential stuffing alone, Ring's failure to protect against credential reuse means that they did not adequately protect consumers’ data."

Consumer Reports urges Ring users to change their passwords and enable two-factor authentication. Make sure you use a long, complex password, and if you’re worried about remembering the password, store it in a password manager. All of these steps will help protect you from a future hack or leak.

Consumer Reports tests wireless security cameras for data privacy and data security, and we recently tested the Ring Stickup Cam (2nd gen.) and gave it a Very Good rating for data security. One of the many reasons it received that score was the availability of two-factor authentication. However, at the time, we did find that Ring did not have a mechanism in place to prevent individuals with unusual IP addresses from logging into accounts by default.

The exposure of these account credentials is just the latest in a series of hacks and vulnerabilities that have affected Ring security cameras and video doorbells. Earlier this week, reports surfaced of multiple Ring accounts being hacked through credential stuffing. Back in November, it was revealed that Ring video doorbells contained a vulnerability that exposed WiFi network names and passwords. And last May, The Information reported a vulnerability that let individuals stay logged into Ring accounts even after a password change.

These issues don’t just plague Ring devices either. Last January, there were reports of Nest cameras being hacked, again through credential stuffing.

“Connected devices are only as strong as the security practices companies use to protect them,” said McInnis. “Consumers may be making their privacy and their homes vulnerable by using insecure products.”

Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2019, Consumer Reports, Inc.

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
MVP Nikola Jokić headlines All-NBA teams alongside Shai Gilgeous-Alexander, Luka Dončić
The All-NBA selection was the sixth for Jokić, who was awarded his third MVP trophy in four seasons on May 8.
Yahoo Finance
Under Armour is collapsing — And Kevin Plank has to take the blame
The Under Armour meltdown continues.
Yahoo Sports
UFC Vegas 92: Piera Rodríguez DQ'd for multiple illegal headbutts vs. Ariane Carnelossi
Rodríguez was warned by the ref to watch her head. She responded by headbutting her opponent even harder.
Yahoo Sports
Shohei Ohtani reportedly buys $7.85 million Los Angeles mansion from Adam Carolla
Ohtani will live about 20 minutes from Dodger Stadium.
Yahoo Finance
'Demand is just so strong': Nvidia CEO Jensen Huang tells Yahoo Finance supply can't keep up
Nvidia's quarterly results blew away estimates again on Wednesday, and as the company moves to its next-generation chips its CEO sees supply, not demand, serving as its biggest challenge.
Yahoo Sports
Tied for the most bets for No. 1 overall pick in NBA Draft is ... Bronny James?
The co-leader in bets for the No. 1 overall pick is a stunner.
Yahoo Sports
PGA Championship: Will Zalatoris says group of players considered asking for postponement after death, Scottie Scheffler arrest
It was a surreal day at the PGA Championship.
Yahoo Sports
Report: Fanatics files lawsuit against Cardinals rookie WR Marvin Harrison Jr. for breach of contract
Marvin Harrison Jr., Fanatics said, “rejected or ignored every request” from the company while refusing to fulfill obligations of their contract that was signed last May.
Yahoo Sports
Best and worst NFL offseasons with the Ringer's Steven Ruiz | The Exempt List
Charles McDonald is joined by Steven Ruiz of The Ringer to break down which teams had the best and worst offseasons in the NFL
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Finance
Tesla stock pops after company reveals new details, deliveries for its semitruck program
Robotaxis, low-cost cars, and the Cybertruck aren't stopping Tesla from pushing ahead with its new semitruck, which is set to reach customers by 2026.
Yahoo Sports
The Cheap Seats: How much should fantasy baseball managers worry about struggling stars?
Scott Pianowski covers some big names not delivering what was expected and more in his latest mailbag.
Yahoo Sports
Preakness Stakes 2024 winner, payouts, results: Seize the Grey wins at Pimlico, Mystik Dan finishes 2nd, ending Triple Crown bid
Live updates from the 149th Preakness Stakes at Pimlico Race Course in Baltimore
Yahoo Sports
Are the Phillies really this good? Or has their schedule just been easy?
With largely the same group of players as the past two seasons, the answer for Philadelphia can be both.
Yahoo Sports
Struggling Cardinals, Blue Jays among 3 teams that could spark life into the MLB trade deadline
If teams like St. Louis and Toronto decide to pull the plug on this season, some big names could become available on the trade market this summer.
Yahoo Sports
Rudy Gobert, Victor Wembanyama lead NBA's All-Defensive teams
Gobert was the only unanimous selection.
Autoblog
2025 Honda Civic Hybrid revealed, plus Civic-wide design and tech updates
The 2025 Honda Civic is here, and it lands as the 11th generation’s mid-cycle refresh.
Yahoo Sports
Auburn RB Brian Battie critically wounded in Sarasota shooting
Battie's older brother Tommie was killed and three others were shot early Saturday morning .
Yahoo Sports
Emma Hayes' first USWNT roster reveals a team that already evolved in her absence
When Hayes arrives this week, although she'll have plenty of familiarizing to do, her core — the players, the most important part of any national team — will largely already be in place.

News

Life

Entertainment

Finance

Sports

New on Yahoo

3,000 Ring Doorbell and Camera Accounts May Be Vulnerable to Hackers

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

MVP Nikola Jokić headlines All-NBA teams alongside Shai Gilgeous-Alexander, Luka Dončić

Under Armour is collapsing — And Kevin Plank has to take the blame

UFC Vegas 92: Piera Rodríguez DQ'd for multiple illegal headbutts vs. Ariane Carnelossi

Shohei Ohtani reportedly buys $7.85 million Los Angeles mansion from Adam Carolla

'Demand is just so strong': Nvidia CEO Jensen Huang tells Yahoo Finance supply can't keep up

Tied for the most bets for No. 1 overall pick in NBA Draft is ... Bronny James?

PGA Championship: Will Zalatoris says group of players considered asking for postponement after death, Scottie Scheffler arrest

Report: Fanatics files lawsuit against Cardinals rookie WR Marvin Harrison Jr. for breach of contract

Best and worst NFL offseasons with the Ringer's Steven Ruiz | The Exempt List

The Spin: Making a call on 5 slumping fantasy baseball stars

Tesla stock pops after company reveals new details, deliveries for its semitruck program

The Cheap Seats: How much should fantasy baseball managers worry about struggling stars?

Preakness Stakes 2024 winner, payouts, results: Seize the Grey wins at Pimlico, Mystik Dan finishes 2nd, ending Triple Crown bid

Are the Phillies really this good? Or has their schedule just been easy?

Struggling Cardinals, Blue Jays among 3 teams that could spark life into the MLB trade deadline

Rudy Gobert, Victor Wembanyama lead NBA's All-Defensive teams

2025 Honda Civic Hybrid revealed, plus Civic-wide design and tech updates

Auburn RB Brian Battie critically wounded in Sarasota shooting

Emma Hayes' first USWNT roster reveals a team that already evolved in her absence