Cyber Incident Victim: Ring
Date:
Dec 2019
Location:
United States of America
Summary
A data leak exposed login credentials and device information for over 3,000 users of a smart doorbell and security camera company, enabling potential unauthorized access to live camera feeds, stored video histories, home addresses, phone numbers, and partial payment card details. The compromised data included camera names—often indicating locations like "bedroom"—and time zones, with security experts asserting the structured format suggested a database origin rather than credential stuffing. While the company denied a breach of its systems, a researcher discovered the credentials publicly posted online and reported inadequate initial support responses. The incident underscored privacy risks inherent in internet-connected home devices and occurred amid scrutiny of the firm's partnerships with hundreds of U.S. police departments for footage access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 16, 2019, New Zealand security researcher Nick Shepherd discovered a data leak exposing login credentials for 3,672 Ring camera users through a web crawler search. The compromised credentials were posted anonymously on a text storage site and included user email addresses, passwords, account time zones, and user-assigned camera names—frequently indicative of device locations such as "front door" or "bedroom." This data exposure enabled unauthorized parties to access Ring accounts, potentially revealing customers' home addresses, telephone numbers, payment card types with partial digits and security codes, live camera feeds, and 30-60 days of stored video history depending on subscription plans. Shepherd contacted Ring's customer support but was reportedly told they were "unable to assist." After publicizing the leak on a cybersecurity subreddit, a person claiming to represent Ring's security team privately acknowledged the compromised dataset as previously unknown to the company.
Security analysts including Cooper Quintin of the Electronic Frontier Foundation analyzed the leak's standardized format containing Ring-specific fields like camera names and time zones, concluding it likely originated from a company database rather than credential stuffing attacks. Ring denied experiencing a breach, stating its security team found no evidence of unauthorized network intrusion and attributing the data to harvesting from unrelated third-party breaches. Affected users confirmed password resets but maintained device usage despite privacy risks. The incident highlighted vulnerabilities in internet-connected home devices, with Quintin noting attackers could exploit the data to invade private spaces through camera access. Concurrently, over 700 U.S. police departments had partnerships granting warrantless footage requests via Ring's law enforcement portal, raising concerns about prioritization of police collaboration over customer security safeguards following multiple recent Ring-related breaches.