Ring to pay $5.6M to settle claims of poor privacy practices • The Register
The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary’s coffers.
The windfall stems from allegations made by the US watchdog that folks could have been, and were, spied upon by cybercriminals and rogue Ring workers via their Ring home security cameras.
The regulator last year accused Ring of sloppy privacy protections that allowed the aforementioned spying to occur or potentially occur.
Specifically, the FTC formally charged Ring with “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”
Miscreants were able to, for instance, brute-force or credential-stuff their way into victims’ Ring accounts, including those of 55,000 American customers, due to a lack of security defenses in place, it’s said. These accounts held Ring camera footage to playback, and intruders could even talk through the cameras to freak out their victims. In many instances, these scumbags took the opportunity to harass Ring users with expletives and racial slurs, and in one case one user was even greeted with a death threat, it was claimed.
At the same time, some Ring employees and contractors were viewing and amassing private footage because there was simply nothing stopping them, the FTC said. Customer service reps had access to cameras of users who didn’t ask for tech support, and even those who did explicitly ask for help couldn’t stop workers from accessing cameras that were unrelated to whatever issue was at hand, it was claimed.
In the most egregious case, one employee went out of his way to view “thousands of video recordings belonging to at least 81 unique female users,” according to the FTC. A coworker reported this behavior to her supervisor, who it’s alleged initially said this snooping wasn’t that strange until he realized the rogue employee was only reviewing videos of “pretty girls.”
Ring was forced to hand over $5.6 million to the FTC, which is now distributing it among affected Ring customers. These payments will be sent via PayPal (yes, really) to 117,044 accounts.
Assuming these refunds are divided evenly and that each account stands for one buyer, Ring customers will be getting back just under $50. That’s not even enough to buy a single Ring camera, which start at over $100.
Also, the payout is a rounding figure on the annual balance sheet of Amazon, which bought Ring for more than a billion dollars in 2018. We’ve asked Ring for further comment. ®