iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Federal Trade Commission has formally charged Amazon’s smart doorbell subsidiary for “compromising its customers’ privacy”.
The US Federal Trade Commission (FTC) has ruled that smart doorbell maker Ring must refund US$5.6 million over a raft of poor security practices.
The complaint was filed in June 2023, with the FTC alleging at the time that Ring employees and contractors were accessing customer videos more or less at will.
“Not only could every Ring employee and Ukraine-based third-party contractor access every customer’s videos (all of which were stored unencrypted on Ring’s network), but they could also readily download any customer’s videos and then view, share, or disclose those videos at will,” said the FTC in a courting filing at the time.
“Before July 2017, Ring did not impose any technical or procedural restrictions on employees’ ability to download, save, or transfer customers’ videos.”
That bird has now well and truly come home to roost, with a formal charge stating Ring compromised “its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos”.
According to the FTC, Ring employees and contractors were easily able to watch private footage since there were no safeguards against such use.
One Ring employee was found to have viewed “thousands of video recordings belonging to at least 81 unique female users”. When alerted to the behaviour, a supervisor suggested this was perfectly acceptable, but became more concerned when they discovered the employee was only looking at “pretty girls”.
In addition to spying on customers, the FTC found that 55,000 US customers had their accounts compromised by credential stuffing and brute force attacks, as the security on user accounts was so inadequate. Some users even experienced verbal death threats from hackers over their own doorbell devices.
Given Amazon bought Ring for over US$1 billion a few years ago, we can’t see the US$5.6 million putting too much of a dent into Amazon’s coffers, however. Additionally, that figure will be shared between 117,044 customers, making for a very small individual payout indeed.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
