Cyber Incident Victim: Ring
Date:
Mar 2023
Location:
United States of America
Summary
A ransomware group known as ALPHV (or BlackCat) claimed responsibility for hacking the security camera company Ring, threatening to release stolen data unless payment was made. The group listed the company on its public leak site, and while external researchers confirmed the listing's existence, Ring denied any direct compromise of its internal systems, stating it lacked evidence of a ransomware incident. The company acknowledged an attack on a third-party vendor, clarifying the vendor had no access to customer records, and initiated collaboration with that entity to assess the situation. ALPHV’s claim highlighted ongoing risks despite no confirmed breach of Ring’s core infrastructure, underscoring potential vulnerabilities through external partners.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 14, 2023, ransomware group ALPHV (operating under the BlackCat malware banner) claimed responsibility for breaching Amazon’s Ring, a manufacturer of internet-connected security cameras. The group publicly threatened to leak Ring’s data through its "Collections" site—a dedicated platform for publishing stolen information from victims who refuse ransom demands. ALPHV’s post featured Ring’s logo and included the message: "There's always an option to let us leak your data." Motherboard verified the listing targeting Ring on ALPHV’s site, and cybersecurity collective VX Underground circulated a screenshot of the listing. Ring responded to Motherboard’s inquiry by denying any evidence of a direct ransomware breach within its own systems but acknowledged a third-party vendor working with Ring had been compromised by ransomware. The company clarified this vendor did not have access to customer records, though the specific data ALPHV obtained or the vendor’s identity remained undisclosed. Internally, Amazon instructed employees via Slack not to discuss the incident, noting that security teams were engaged.
The incident drew attention to Ring’s historical security challenges. Between 2019 and 2020, hackers breached Ring cameras by exploiting reused credentials from unrelated data breaches, enabling unauthorized access to live camera feeds. In one widely publicized case, an intruder spoke to children through a bedroom camera and played music. These breaches highlighted vulnerabilities in Ring’s default security settings, prompting the company to simplify user controls for privacy features. Ring’s extensive user base—including partnerships with over 2,000 U.S. police departments for footage sharing—amplified concerns about risks tied to surveillance data exposure. The 2023 ALPHV claim further underscored systemic risks to vendor ecosystems, though the direct impact on Ring’s infrastructure or customers was unconfirmed. No customer data leaks were tied to the ALPHV incident at the time of reporting.