Security Breach

On 20 Dec 2019, Ring.com sent out an email regarding the compromise of user account information. Specifically: “Malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts.”

Perhaps I need to re-read the Terms of Service or Privacy Statement - but, HOW did these ‘malicious actors’ obtain the Ring user account information in the first place?

Do you sell that sensitive information to separate, external, non-Ring service providers?

Please advise.

They very easily got access to accounts with bad security practices of people.
All you need to do is have one breach somewhere else. Could be a newspaper you sign in to or a bank. Once this information is downloaded, these people now have your email and password. This gets sold to others. Now many people sadly use the same email address and password on all there internet sites or accounts. So if the person with this information goes into the Ring website and uses the email and password, they most likely will gain access to the account. If you have 2FA turned on though, it won’t work and you will get a text saying someone asked for the code. Sadly again most people won’t turn this security feature.

Here are sites to see if your email address has been breached and it shows how many times it has.
https://haveibeenpwned.com/

This site is where you can see if your password has been breached.
https://haveibeenpwned.com/Passwords

Hi @PeterFJ , as the email states the information was obtained from separate, external, non-Ring services. When people reuse the same username and password on multiple services, it’s possible for malicious actors to gain access to many accounts. Read more about the importance of password best practices here: https://blog.ring.com/2019/12/12/rings-services-have-not-been-compromised-heres-what-you-need-to-know/