Ring, Amazon’s video-enabled doorbell system, has a very bad rap when it comes to security. Now a security researcher has discovered on the dark web a list of more than 1,500 email addresses and passwords associated with Ring accounts.
This is Ring’s second data leak today — BuzzFeed News reported this morning that 3,672 Ring camera owners’ accounts were compromised this week. It’s not known how any of the data has been leaked, and Ring is denying the leak even happened.
“Ring has not had a data breach,” a spokesperson from the company said. “Our security team has investigated these incidents and we have no evidence of unauthorized intrusion or compromise of Ring’s systems or network.”
The list is still up — The list was uploaded Tuesday to a dark web site commonly used for sharing text files. With the login info, anyone can log into a user’s Ring account, allowing them access to view camera footage and other sensitive information such as the camera’s location. And, as of this afternoon, the list is still available on the dark web.
Amazon continues to deny, deny, deny — The security researcher has already reported the list to Amazon, and the company asked the researcher to not discuss the findings in public.
This is status quo for Ring. In response to last week’s claims of harassment via the company’s devices, Ring stated simply, “this incident is in no way related to a breach or compromise of Ring’s security.” When asked about maps of its devices’ locations, the company said only, “Locations were obfuscated to protect user privacy.”