cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Ring fined US$5.6m by US FTC over poor security and spying incidents

The Federal Trade Commission has formally charged Amazon’s smart doorbell subsidiary for “compromising its customers’ privacy”.

user icon David Hollingworth
Fri, 26 Apr 2024
Ring fined US$5.6m by US FTC over poor security and spying incidents
expand image

The US Federal Trade Commission (FTC) has ruled that smart doorbell maker Ring must refund US$5.6 million over a raft of poor security practices.

The complaint was filed in June 2023, with the FTC alleging at the time that Ring employees and contractors were accessing customer videos more or less at will.

“Not only could every Ring employee and Ukraine-based third-party contractor access every customer’s videos (all of which were stored unencrypted on Ring’s network), but they could also readily download any customer’s videos and then view, share, or disclose those videos at will,” said the FTC in a courting filing at the time.


“Before July 2017, Ring did not impose any technical or procedural restrictions on employees’ ability to download, save, or transfer customers’ videos.”

That bird has now well and truly come home to roost, with a formal charge stating Ring compromised “its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos”.

According to the FTC, Ring employees and contractors were easily able to watch private footage since there were no safeguards against such use.

One Ring employee was found to have viewed “thousands of video recordings belonging to at least 81 unique female users”. When alerted to the behaviour, a supervisor suggested this was perfectly acceptable, but became more concerned when they discovered the employee was only looking at “pretty girls”.

In addition to spying on customers, the FTC found that 55,000 US customers had their accounts compromised by credential stuffing and brute force attacks, as the security on user accounts was so inadequate. Some users even experienced verbal death threats from hackers over their own doorbell devices.

Given Amazon bought Ring for over US$1 billion a few years ago, we can’t see the US$5.6 million putting too much of a dent into Amazon’s coffers, however. Additionally, that figure will be shared between 117,044 customers, making for a very small individual payout indeed.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.