English

Help

Community Home

Categories

Discussions

Sign Up

Ring Updates

Get the latest news, product updates, announcements and more from Ring.
R

Riley_Ring

Ring’s Services Have Not Been Compromised

You may have recently seen reports that Ring services have been compromised, and we want to let you all know that we have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network. Customer trust is important to us and we take the security of our devices extremely seriously. Follow this link to read all you need to know about this.

6363

0

19

12-12-2019 11:29:33

Responses (5)

  • M

    Matt1

    Have you determined how this happened? So we can update or change what ever settings are necessary for our devices? Thanks

    1

    14-12-2019 05:50:47

    • A

      amerkincynic65

      news reports MULTIPLE hacks... you say you've invesigated one incident.. which one, and what about the other reports? I tried to include a link from good morning America... but since the article title included a forbidden r word, you would not let me post it... Pretending that it doesn't exist is little more than the illusion of safety...

      4

      14-12-2019 07:33:50

        E

        Ex2000

        My Ring was hacked, the hackers used. Brute force attack, then ran ring.config to cause my ring to alarm. I have video and audio proof. Ring will probably delete this post. Going to sell all my ring products. Just can’t purchase from a company that does not take responsibility for there actions. You failed Ring

        2

        14-12-2019 10:07:19

        I

        Inaseateveryweek

        It is always a tragedy when people are interfered with in thier daily lives, regardless of whether it be through internet accounts, credit card theft, or even social media. I have personally had both personal and business credit cards falsified, and was a victom of the Yahoo penetraion as well as other sites that were breached with various methods. Cameras and security systems that are not part of a closed loop can and do have the opportunity for breaches as well. Whether you are "brute force attacked, or your credentials were bought through some dark web circumstance, both companies offering services as well as consumers using those services have a responsibility for security. Ring has done a great job as far as I can tell with making services avaialble to be painless as possible for the cunsumer. That in itself has a risk. For us consumers, we must use good security practices such as seperate user id's and passwords (for each critical service we have) so that if someone breaches a service somewhere else and now has that handy user ID and password for dozens of websites your impact is minimized. Use two factor authentication. Text or Email codes at least give you the chance to say "what's up". There are other ways as well such as secure code generators that create "one time codes" as well as many others. I would also recommend that, as Ring has stated in recent announcements, continue to implement more secure interfaces and systems. Having a visible inventory of connected devices - similar to Apple iCloud, Roku, and others would be a good way for consumers to see what is connected to thier accounts. Add notifications of when a new device or unkown login occurs or is attempted, add a lockout after so many attempts (brute force attacks) - all of these relatively simple industry standard security safegards are relatively easy to implement. I am quite sure Ring is very intrested in keeping consumers secure and contuning to make thier services as easy for the consumer as reasonable. We as consumers - let's take our responsubility seriously too. Ring - please place the additional security improvements on top of the development list.

        3

        15-12-2019 09:59:56

        R

        Riley_Ring

        Hi @Ex2000 , we're sorry you had this experience - please send us an email at community@ring.com so we can connect ASAP. We look forward to helping you as soon as possible.

        0

        16-12-2019 05:27:13

        B

        Brad

        Really, the only thing Ring could do here is require two-factor authentication. That would negate to a large extent weak passwords,, stolen passwords, reused passwords, and brute force attacks. So if Ring is to be faulted here, it is for not having big read letters telling the customer they are a fool if they do not enable 2FA, or requiring it. Lets be real here, most customers are clueless about this stuff, so just pasively having the 2FA option is really not enough when you are offering security devices. Ring really should make it hard to not use 2FA.

        3

        17-12-2019 12:26:16

        NJ

        NC-JayG

        > @Ex2000 wrote: > My Ring was hacked, the hackers used. Brute force attack, then ran ring.config to cause my ring to alarm. I have video and audio proof. Ring will probably delete this post. Going to sell all my ring products. Just can’t purchase from a company that does not take responsibility for there actions. You failed Ring And you will attest that you had a strong password that was unique to the Ring service, and also had 2FA enabled?

        3

        18-12-2019 05:57:03

    • NJ

      NC-JayG

      The advice is all good until you get to step 5. **5. Regularly Update Your Passwords:** It’s good practice to update your passwords every three to six months. Click [here](https://support.ring.com/hc/en-us/articles/360018709231-How-Do-I-Change-my-Password-in-the-Ring-App-) to learn how to change your password to your Ring account. As a cyber security professional, I'll point any user to NIST guidance regarding that. From: [https://pages.nist.gov/800-63-FAQ/#q-b05 ](https://pages.nist.gov/800-63-FAQ/#q-b05 ) > “Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.” Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future. When those changes do occur, they often select a secret that is similar to their old memorized secret by applying a set of common transformations such as increasing a number in the password. This practice provides a false sense of security if any of the previous secrets has been compromised since attackers can apply these same common transformations. But if there is evidence that the memorized secret has been compromised, such as by a breach of the verifier’s hashed password database or observed fraudulent activity, subscribers should be required to change their memorized secrets. However, this event-based change should occur rarely, so that they are less motivated to choose a weak secret with the knowledge that it will only be used for a limited period of time. Vendors are doing their users a disservice when the recommend to continue this outdated practice. I'm with others here, turn 2FA on by default, and then make it clear to a user the risk they are taking if they opt out.

      1

      18-12-2019 05:53:53

      • R

        Roberttosa

        Security is a two way street and end users have an obligation to do what is necessary to mitigate hacker intrusions and successful hacks. Understand best practices and implement them to secure your system. If end users don't do what is needed to prevent intrusions then nothing Ring, or any other provider, does will make a difference. Take security seriously. Do your part! disclaimer: I do not work for Ring or their partners. I do work for a large IT company that has rigorous security protocols and rules.

        1

        26-12-2019 10:14:46

          C

          CrazyCat

          Looks like Ring just added a new security feature. I just logged in from a new machine and got an email message stating my account was accessed from a new machine. That is a step in the right direction.

          0

          04-01-2020 01:36:15

      • H

        Hydrology

        My video doorbell has ben hacked. Porch thieves were able to hack into the doorbell and erase the video of them stealing the package. They didn't delete the video, which i am sure that they would have prefered to do. They just somehow blanked it out so i have 30 seconds of a black screen and no sound. A motion activated video shows the fedex package being delivered 10 minutes before the blacked out video(1:37 pm). At 1:47, 10 minutes after the package was delivered, I have the 30 sec blacked out video. The next motion activated video was at 2:16 pm about 30 minutes after the blacked out video, and it shows me getting the mail, and there is no package on the porch. Somehow they were able to hack the system and get far enough into the system to black out the video. The only blacked out video I have ever had with Ring in the 12 months that I have had it, is this one occurance, exactly when the package was being stolen. My WiFi has a complex password and wpa2 authentication with a full firewall, so there is not much more I can do from this end. I called customer service. They looked into it and verified what I described above, then after about 20 minutes on hold, they came back and said that what they were seeing was impossible so they blew me off. At this point, I can't trust Ring for anything dealing with security.

        0

        05-01-2020 01:42:57

        Didn't find an answer ?

        Log in or create your Ring account to post a question and join in the on the conversation.

        Community Resources

        Community Guidelines

        About Ring Community

        Ring Help

        Most Helpful Members

        View All

        U

        user63814

        2

        User
        Solutions

        B

        Boone

        1

        User
        Solution

        J

        j0hnmsch

        1

        User
        Solution

        J

        Justin_Ring

        1

        User
        Solution

        ©2024 Ring LLC or its affiliates

        PrivacyLicensesTerms of Service