FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users' Cameras
“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.
- “Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.
- The company has marketed its products as offering greater home security and providing its users with peace of mind.
- For example, in promoting its indoor security cameras, which can be placed in individual rooms, Ring touts the ability of purchasers to “See your home.
- Away from home” alongside a picture of a Ring camera monitoring a child’s bedroom.
Security failures
- According to the complaint, Ring also failed to implement standard security measures to protect consumers’ information from two well-known online threats—“credential stuffing” and “brute force” attacks—despite warnings from employees, outside security researchers and media reports.
- Despite experiencing multiple credential-stuffing attacks in 2017 and 2018, Ring failed, according to the complaint, to implement common tactics—such as multifactor authentication—until 2019.
- Even then, Ring’s sloppy implementation of the additional security measures hampered their effectiveness, the FTC said.
- In addition to the mandated privacy and security program, the proposed order requires Ring to pay $5.8 million, which will be used for consumer refunds.