The action is part of a settlement following a complaint from May 2023 alleging that Ring failed to implement adequate security measures to protect the devices from unauthorized access.
Ring customers get $5.6 million in privacy breach settlement
Bill Toulas
- April 24, 2024
- 10:31 AM
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. . .
The devices are connected to the internet and provide users remote access and control through a mobile application.
Additionally, Ring gave high-level access to customer support agents, including hundreds of third-party contractors located in Ukraine and elsewhere, who operated without restrictions to protect customers against abusive access.
Apart from lax policies for internal access, the FTC also alleged that Ring failed to implement basic security measures such as multi-factor authentication (MFA) until 2019, which led to easier user account hijacking and access to private video feeds through credential stuffing and brute-forcing attacks.
For the damage done, the FTC is now sending payments through PayPal to a little over 117,000 Ring consumers as part of the settlement. Customers need to redeem the funds in the next 30 days.
"The FTC identified eligible Ring customers based on data provided by the company," the agency told BleepingComputer, clarifying that Ring users "were eligible for a payment if their account was vulnerable because of privacy and security problems alleged in the complaint."
For more information on how the FTC sends payments, consumers are advised to consult the agency's FAQ page.
US charges Samourai cryptomixer founders for laundering $100 million
Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade.
- APRIL 24, 2024
- 04:55 PM
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility.
- APRIL 24, 2024
- 04:08 PM
UnitedHealth confirms it paid ransomware gang to stop data leak
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.
- APRIL 23, 2024
- 10:28 AM
US imposes visa bans on 13 spyware makers and their families
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February.
The crackdown has begun with 13 individuals and their close families (i.e., spouses and children) linked to commercial spyware operations.
Taken pursuant to Section 212(a)(3)(C) of the Immigration and Nationality Act, these visa restrictions allow the Secretary of State to exclude visa applicants whose entry would have adverse foreign policy consequences for the U.S., effectively banning those linked to commercial spyware from entering the country.
"As part of the United States' efforts to counter the ongoing proliferation and misuse of commercial spyware as documented today in the Department of State's Country Reports on Human Rights Practices, the Department is taking steps to impose visa restrictions on 13 individuals who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved," said State Department spokesperson Matthew Miller.
"These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel."
The visa restrictions are part of a broader effort to combat the rapid spread and misuse of spyware. This initiative includes restrictions on the U.S. government's own use of commercial spyware that poses a risk to national security or human rights and also involves export controls and sanctions to promote accountability.
The Biden Administration also issued an Executive Order in March 2023 to prevent using mercenary surveillance tools that pose risks to foreign policy interests or national security.
It also worked with 36 other governments under the Freedom Online Coalition to establish guiding principles for governments to prevent human rights abuses related to surveillance technology.
Last July, the Bureau of Industry and Security (BIS) in the Commerce Department added four European spyware companies to its Entity List because of their involvement in trafficking exploits used to hack the devices of high-risk individuals around the world.
Earlier this month, Apple notified iPhone users in 92 countries about a "mercenary spyware attack" that aimed to compromise their devices remotely.