I logged in to my Ring account from my browser for the first time in quite a while. As a result, I received a 2FA email with a code. I typed in the code and logged in. I then got ANOTHER email letting me know that there was a new sign in. No kidding. I just signed in. However, the email gave a partial IP address that is NOT correct. And I'm a LITTLE mad that the email only gave me a partial address: 3.221.1*****. That doesn't tell me ANYTHING other than the fact that it's NOT my router's public IP address. A quick WHOIS check shows that the 22.214.171.124/9 network is owned by Amazon.
So, can SOMEBODY please tell me the IP address of who logged into my account so I can report them to Amazon? Getting a partial address is pretty useless.
The email you rec'd shows a login from AWS because they coded the algorithm wrong - they captured the IP of one of their own servers - rather then sending the IP of the device that logged in.
I sent an email to support suggesting that it would be more useful for their customers and their security team if they corrected the API that generates those email alerts - and also suggested they include the device type and/or browser fingerprint -like google does.
Hopefully they will get it sorted.
I guess you've observed - the IP citation is gone for the moment.
Perhaps they'll bring it back once they figure out how to pass the IP of the user device properly [maybe a google dev can show them the way].
It would be nice if they display the fingerprint of the device as well - like they do in the View and Remove Authorized Client Device section of the Control Center .
@Eagle328 , can you please go into more detail about 1) linked accounts isn't working 'fully' and 2) "Doesn't show simple commands which I use." -- which ones? The more information the better so we can get this over. Thank you!
Hey neighbors! Thank you for sharing your experience with these login confirmation emails. I wanted to chime in to confirm that the team is looking into modifying these emails to give our neighbors a better experience, and IP addresses have been removed from those emails for the time being. I've passed this experience and feedback to the team here.
I see the IP of the device used to log in is back, but it only shows the first 2 octets.
If someone other than the account owner has the same ISP, and their gateway is the same as the account owner, there is no way to determine who the un-authorized user is.
For that matter, if the account owner initially logged in using a mobile cellular connection, their IP would change every time they re-connect the device to the cellular network.
Going forward, it would be useful if the ring devs add the fingerprint of the device, which would be more easily recognized by the account owner as their own [or not].