A security researcher has recently discovered a concerning breach of Ring doorbell passwords on the dark web. The researcher found a collection of 1,562 unique email addresses and passwords associated with Ring doorbell accounts. These credentials were uploaded to an anonymous dark web text-sharing site, commonly used to share stolen passwords and illicit materials. The cache includes not only email addresses and passwords but also information about the account’s time zone and the location of the doorbell, such as “driveway” or “front door”.
Bạn đang xem: Over 1,500 Ring Passwords Found on Dark Web
Upon discovering this breach, the researcher promptly reported the findings to Amazon, the owner of the Ring brand. Amazon, however, requested that the researcher not disclose their findings publicly. As of now, the dark web listing containing the passwords remains accessible.
This incident marks the second known leak of Ring credentials recently. Just days ago, BuzzFeed News reported another cache of data, containing details from over 3,600 Ring doorbells, was posted online. The data in this newer leak appears to be similar to the data obtained by BuzzFeed. By using any working email address and password, anyone can log into a Ring account and gain access to the customer’s address, phone number, and even certain payment information. Moreover, these credentials provide access to the Ring devices within the home, including any historical video data if that setting is enabled.
Xem thêm : Password Protection for Your Online Store
The exact method by which this data was exposed remains unknown. TechCrunch reached out to multiple individuals whose information was found in the dark web listing. Each person was provided with their respective password, and all confirmed that it indeed belonged to them. All those contacted followed our advice and promptly changed their passwords. Some even enabled two-factor authentication for added security.
Upon reviewing the passwords, we discovered that the majority were relatively simple and potentially easy to guess. It is plausible that the passwords were obtained using password spraying techniques, where hackers attempt to guess passwords, or through credential stuffing, which involves using exposed or breached usernames and passwords from other websites to access accounts.
Ring spokesperson Yassi Shahmiri did not respond to a request for comment before this publication. However, in an email following our initial post, she denied any data breach. According to Shahmiri, Ring has already identified and contacted customers whose accounts were exposed, resetting their passwords as a precautionary measure. Additionally, the company continues to monitor and block unauthorized login attempts into Ring accounts.
Contrary to Ring’s claim, none of the individuals with compromised passwords we spoke to had been contacted by the company. This discrepancy raises concerns about the effectiveness of Ring’s response to this incident.
Unfortunately, this breach is merely the latest in a series of security lapses involving Ring security cameras. Last week, news reports surfaced detailing how hackers were infiltrating Ring cameras across the United States. Some crime forums even share tools for breaking into Ring accounts. Furthermore, Motherboard confirmed earlier this week that Ring cameras lack robust security measures. Users are not notified when other individuals log into their accounts, nor are they informed when their cameras are actively being watched. In addition, the two-factor authentication used by Ring is weak. Ring attributed much of the fault to user negligence, urging them to follow “best practices”. However, critics argue that Ring should have implemented basic security measures to protect its users.
Xem thêm : Eireview – Extractive Industries Review
Ring has also faced criticism from lawmakers for its close ties with law enforcement agencies nationwide.
The exact number of exposed Ring account credentials on the dark web remains unknown. Users are advised to safeguard their accounts by using strong, unique passwords and enabling two-factor authentication.
Frequently Asked Questions
Q: How many Ring passwords were found on the dark web?
A: A security researcher discovered 1,562 unique email addresses and passwords associated with Ring doorbells on the dark web.
Q: What information was included in the dark web listing?
A: In addition to email addresses and passwords, the listing contained data on the account’s time zone and the location of the doorbell.
Q: What actions did Ring take in response to the breach?
A: Ring claims to have identified and contacted customers with exposed accounts, resetting their passwords as a precautionary measure. They also continue to monitor and block unauthorized login attempts.
Q: Were all affected individuals contacted by Ring?
A: Contrary to Ring’s claim, none of the individuals we spoke to had been contacted by the company regarding the breach.
Q: What security measures did Ring lack, according to reports?
A: Ring cameras do not notify users when someone logs into their accounts or when their cameras are actively being watched. The two-factor authentication used by Ring is also weak.
Q: How can users protect their Ring accounts?
A: Users should create strong, unique passwords and enable two-factor authentication for added security.
Conclusion
The recent breach of Ring doorbell passwords on the dark web is a cause for concern. It highlights the importance of strong passwords and the need to enable additional security measures, such as two-factor authentication. Companies like Ring must prioritize the security and privacy of their customers’ data to prevent unauthorized access and potential misuse.
Nguồn: https://eireview.org
Danh mục: Technology