25 April 2024

Bleeping Computer Reports

The action is part of a settlement following a complaint from May 2023 alleging that Ring failed to implement adequate security measures to protect the devices from unauthorized access.

Ring customers get $5.6 million in privacy breach settlement

 
  • April 24, 2024, 10:31 AM


The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. . .

Ring is an Amazon subsidiary known for its smart home security products, including video doorbells, indoor and outdoor security cameras, central alarm hubs, smart sensors, motion-activated lights, and more.
The devices are connected to the internet and provide users remote access and control through a mobile application.
In the original complaint, FTC alleged that Ring allowed its employees unlimited access to people’s Ring devices to help them increase productivity and development pace.
Additionally, Ring also gave high-level access to customer support agents, including hundreds of third-party contractors located in Ukraine and elsewhere, who operated without restrictions to protect customers against abusive access.

Apart from lax policies for internal access, FTC also alleged that Ring failed to implement basic security measures such as multi-factor authentication (MFA) until 2019, which led to easier user account hijacking and access to private video feeds through credential stuffing and brute-forcing attacks.

For the damage done, FTC is now sending payments through PayPal to a little over 117,000 Ring consumers as part of the settlement. Customers need to redeem the funds in the next 30 days.

“The FTC is sending 117,044 PayPal payments to consumers who had certain types of Ring devices, such as indoor cameras, during periods when the FTC alleges unauthorized users may have had access to customer videos.” – FTC

"The FTC identified eligible Ring customers based on data provided by the company," the agency told BleepingComputer, clarifying that Ring users "were eligible for a payment if their account was vulnerable because of privacy and security problems alleged in the complaint."

For more information on how FTC sends payments, consumers are advised to consult the agency's FAQ page.


US imposes visa bans on 13 spyware makers and their families

  • April 23, 2024, 11:38 AM

    The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February.

    The crackdown has begun with 13 individuals and their close families (i.e., spouses and children) linked to commercial spyware operations.

    Taken pursuant to Section 212 (a)(3)(C) of the Immigration and Nationality Act, these visa restrictions allow the Secretary of State to exclude visa applicants whose entry would have adverse foreign policy consequences for the U.S., effectively banning those linked to commercial spyware from entering the country.

    • "As part of the United States' efforts to counter the ongoing proliferation and misuse of commercial spyware as documented today in the Department of State's Country Reports on Human Rights Practices, the Department is taking steps to impose visa restrictions on 13 individuals who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved," said State Department spokesperson Matthew Miller.
    • "These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel."

    The visa restrictions are part of a broader effort to combat the rapid spread and misuse of spyware. This initiative includes restrictions on the U.S. government's own use of commercial spyware that poses a risk to national security or human rights and also involves export controls and sanctions to promote accountability.

    Secretary of State Antony J. Blinken announced this new visa restriction policy back in February, targeting misuse of commercial spyware linked to "arbitrary detentions, forced disappearances, and extrajudicial killings."
    The Biden Administration also issued an Executive Order in March 2023 to prevent using mercenary surveillance tools that pose risks to foreign policy interests or national security.
    It also worked with 36 other governments under the Freedom Online Coalition to establish guiding principles for governments to prevent human rights abuses related to surveillance technology.

    Last July, the Bureau of Industry and Security (BIS) in the Commerce Department added four European spyware companies to its Entity List because of their involvement in trafficking exploits used to hack the devices of high-risk individuals around the world.

    The State Department says the commercial spyware tools developed by Intellexa S.A. from Greece, Intellexa Limited from Ireland, Cytrox Holdings Zrt from Hungary, and Cytrox AD from North Macedonia were used to intimidate political adversaries, restrict freedom of speech, suppress dissent, and monitor journalists' activities on a global scale.
    In March, Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant also said that commercial surveillance vendors have been behind 50% of all zero-day exploits targeting Google products and Android devices in 2023.
