Ring has suffered a data leak that exposed the personal information of more than 3,600 users, according to BuzzFeed News -- or did it? The security-camera maker denies its systems were breached.
Despite the public-relations nightmare that a recent string of reported "hacks" has birthed, I believe the Amazon-owned company is telling the truth. Here's why.
When I heard a bad actor hacked an 8-year-old's indoor Ring cam and claimed to be Santa Claus, I dug into the coverage of similar cases nationwide.
The common denominator among all the attacks was not that a malicious entity got into Ring's trove of personal data. It's that the "hackers" gained entry to Ring online accounts through the front door -- by using the legitimate users' previously compromised, reused passwords.
The kind of data BuzzFeed News says was exposed in the data leak, such room names and payment information along with email address, passwords and time zones, could have come from a breach of Ring's systems.
As for how Ring-cam assailants got into those accounts, there are a number of ways to carry out such an attack. Most are alarmingly simple.
There's software circulating the internet, for example, that shuffles through username-and-password combinations compromised in previous data breaches until it finds a correct match.
A lucky guess could do the trick, too. That's why it's imperative to create a password that's long, strong and unique. We also recommended enabling two-factor authentication (2FA) both on Ring cameras and when any other company offers it.
But do I think Ring has taken enough steps to assure users their accounts are kept safe? Absolutely not.
