A hacker tapped into a Ring security system to harass a biracial family over the device’s camera and speaker system.
Josephine Brown and her husband were preparing dinner in their Cape Coral, Florida, home when an alarm sounded over the Ring security system. Soon after the alarm sounded, the hacker spoke over the speaker, hurling insults about the couple’s young son.
“So, did your child come out black or kind of like light-skinned?” the man asked. He compared their son to a baboon and a monkey, adding, “Does your child look like an Oreo?”
Brown called the remarks “hurtful,” adding, “My son is biracial, and the comments he made was really hurtful.”
The hacker also asked Brown’s husband to “pull up a web browser” and type in the URL he gave over the speaker. Before the hacker had the opportunity to finish his request, the couple pulled the batteries out of the camera.
“They’ve been watching us,” Brown said. “That’s the only way you know I had a son and the only way you know what he looks like.”
Ring told the family, “The email address and password of one of your external accounts was exposed in a data breach.”
The company explained that the information was scraped from a breach outside of Ring and used to sign in to their account and override their device, but Brown claimed she actively changes her passwords.
“Fix it,” Brown said in response to Ring’s statement. “Put more security stuff on there. Do more updates on the cameras making sure everything runs the way it’s supposed to. I don’t know.”
She added, “I was scared. I didn’t know who that is, how long he been watching us. And I’m still scared now because I don’t have an answer.”
ABC7 reported that there are ways to protect against hackers, including frequently changing passwords and using a separate Wi-Fi router for security systems.
UPDATE: A representative from Ring told the Washington Examiner, “Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security. Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”
The representative added, “As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords.”
