You may have recently seen reports that Ring services have been compromised, and we want to inform you that we have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts. Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts.
Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication.
Customer trust is important to us, and we take the security of our devices and services extremely seriously. As a precaution, we highly encourage all Ring users to follow security best practices to ensure your Ring account stays secure:
- Enable Two-Factor Authentication: Enable two-factor authentication in the Ring app from the app’s account settings. This creates an extra layer of security. You’ll receive a unique code via text message to your phone whenever you or someone else attempts to log into your Ring account and is asked for your Ring password.
- Add Shared Users: Don’t provide your login information to others. If you want to share access to your Ring devices with other people, simply add them as a shared user.
- Use Different Passwords For Each Account: By using different usernames and passwords on your various accounts, you reduce the risk that a malicious actor could reuse credentials compromised from another account to access your Ring account. A password manager allows you to conveniently store all of your passwords in a centralized vault on your computer and, if you wish, in the cloud. This means you only need to remember one password to unlock all of your passwords. All major browsers have built-in password managers, and there are also a variety of commercial providers that will permit you to synchronize your vaults between devices.
- Create Strong Passwords: Create strong passwords with a mix of numbers, letters (both uppercase and lowercase), and symbols, and embrace long, non-dictionary based words or phrases. Try not to use sequential values in your passwords (123, abc, etc.). Even better, use a password generator to create a randomly generated, unique password for each account.
We understand what a big decision it is to pick a home security product, and we don’t take that decision lightly. We will continue to introduce additional security features to keep your Ring account and devices secure.
If you have questions or need assistance turning on two-factor authentication or changing your password, please contact firstname.lastname@example.org.
This blog has been revised on 12/18/2019 to include the most up to date security best practices.