They most likely used the same email and password a thousand times and never changed it. It was probably hacked somewhere else and is out in the general public now. Everyone needs to use different passwords for each site and check online to see if either the email or passwords have been compromised every so often. Google chrome now tells you if your password has been exposed when you sign into sites. And for people not to use 2FA when it’s available is just dumb.
And on your post to the article it says it all.
Here is there response that was part of the article you posted.
“While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security,” the statement said. “Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”
So to me this was just a person that did not take enough security with there devices and not Ring’s fault.