Amazon to Pay $5.8 Million for Spying on Customers Through Their Ring Cameras

Amazon will pay $5.8 million after the Federal Trade Commission found it illegally spied on customers and failed to stop hackers from taking control of users’ Ring cameras.

An FTC investigation(Opens in a new window) concluded that Ring, which Amazon acquired in 2018, had compromised the privacy of its customers “by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections.”

Ring’s violation of user privacy occurred on multiple fronts. Ring users were likely unaware that the company had been using their videos for “product improvement and development” because Ring buried that information in the Terms of Service and Privacy Policy. It meant customer videos were used to train algorithms, but were also being viewed by Ring employees and contractors.

The FTC found that one Ring employee had viewed thousands of videos of female customers in their bedrooms and bathrooms over several months. The employee in question was only stopped when another employee discovered what they had been doing. Ring was unable to determine if any other employees had been violating the privacy of users in the same way because the company did not monitor employee access to videos.

Further privacy violations occurred due to a lack of security. The FTC found that hackers used a combination of credential stuffing and brute force attacks to gain access to customer accounts. Essentially, a hacker used credentials leaked in other security breaches to discover the password on Ring accounts by using an automated password-guessing system. Ring did not have multi-factor authentication implemented until 2019, and even then, the “sloppy implementation of the additional security measures hampered their effectiveness.”

Amazon agreed to pay a $5.8 million settlement after the Federal Trade Commission found it was illegally spying on customers and failed to stop hackers from taking control of users’ Ring cameras.

An FTC investigation(Opens in a new window) concluded that Ring, which Amazon acquired in 2018, had compromised the privacy of its customers “by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections.”

Ring’s violation of user privacy occurred on multiple fronts. Ring users were likely unaware that the company had been using their videos for “product improvement and development” because Ring buried that information in the Terms of Service and Privacy Policy. It meant customer videos were used to train algorithms, but were also being viewed by Ring employees and contractors.

The FTC found that one Ring employee had viewed thousands of videos of female customers in their bedrooms and bathrooms over several months. The employee in question was only stopped when another employee discovered what they had been doing.

Ring was unable to determine if any other employees had been violating the privacy of users in the same way because the company did not monitor employee access to videos.

**By PCMag

**Source

Comment