Ring, an Amazon-owned video surveillance company, will pay $5.8 million to settle FTC charges that staff and contractors had unrestricted access to customers’ videos for years.
Wednesday saw the settlement filed in the U.S. District Court for the District of Columbia. The FTC verified the settlement shortly after. Reuters reported the settlement.
Ring employees and contractors had “dangerously overbroad access and lax attitude toward privacy and security,” according to the FTC.
Ring gave “every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function,” the FTC claimed. Ring employees and contractors “could also readily download any customer’s videos and then view, share, or disclose those videos at will,” the FTC said.
The FTC claimed Ring employees unlawfully accessed women’s Ring footage at least twice. In addition, the FTC said Ring didn’t notice the employee’s surveillance for months.
Ring no longer employs the individuals, according to a draft message Ring wants to send affected clients.
The government’s case also claimed that Ring ignored several reports of credential stuffing, where hackers utilize stolen user credentials from one data breach to break into accounts on other sites. Instead, ring permitted “password” and “12345678” passwords, making brute-forcing accounts easier, and failed to act sooner to prevent account intrusions, according to the FTC.
The FTC says over 55,000 U.S. customers had their accounts stolen between January 2019 and March 2020. Hackers kept accounts for almost a month in over a dozen situations.
Ring required two-factor authentication in February 2020. In 2021, Ring introduced end-to-end encryption to encrypt doorbell videos from Ring and others.
Ring agreed to build and maintain a data security procedure with regular evaluations for 20 years, disclose employee and contractor access to consumer data, and pay $5.8 million to satisfy the FTC’s complaints.
Ring spokesperson Emma Daniels informed TechCrunch, saying Ring disagreed with the FTC’s findings and denied breaking the law.