The suit comes after multiple reports of hackers gaining access to consumers' cameras and live video footage from inside their homes.
In one particularly distressing incident, a hacker yelled racial slurs at an 8-year-old girl whose mother had recently purchased a Ring camera from a Black Friday deal. That girl's parents are now plaintiffs in the class action suit. A spokesperson for Ring told Mashable the company doesn't comment on legal matters. Previously, the company has blamed its users for poor password practices, saying hackings have been a result of weak passwords or re-using passwords that have been previously compromised.
The lawsuit alleges that, as a manufacturer of security products, Ring failed to meet its „most basic obligation by not ensuring its Wi-Fi enabled cameras were protected against cyber-attack.“ It also argues that Ring and Amazon sought to avoid responsibility by blaming users for not implementing proper security measures despite knowing the risks of not requiring things like two-factor authentication.
But the lawsuit points out that the company fails to take basic security steps that could prevent these kinds of attacks, even if camera owners aren't using two-factor authentication.
Ring does not require users to implement two-factor authentication. It does not double-check whether someone logging in from an unknown IP address is the legitimate user. It does not offer users a way to view how many users are logged in. It offers no protection from brute-force entries—mechanisms by which hackers can try an endless loop of combinations of letters and numbers until they land on the correct password to unlock account. Even though these basic precautions are common and unexceptional security measures across a wealth of online services, Ring does not utilize them for its services.
The filing further argues that Ring is well aware that its devices have become popular targets among hacker groups. Vice's Motherboard previously reported that hackers have created software that essentially streamlines the process for taking over Ring cameras. The lawsuit also notes that there is a "a widely livestreamed podcast" dedicated to hackers who gain access to random Ring cameras and harass their owners, as proof that the company knows it should do more to protect users.
Ring’s failure to properly safeguard access to user accounts is even more egregious in light of the presence of hacking forums and podcasts dedicated to hacking Ring devices.
Yet even in light of widespread reports of hacks and unauthorized access to devices, Ring has refused to take responsibility for the security of its own home security devices, and its role in compromising the privacy of its customers. Even as its customers are repeatedly hacked, spied on, and harassed by unauthorized third parties, Ring has made the non-credible assertions that it has not suffered any data breaches and that there are no problems with the privacy and security of its devices
That said, Lyft did set up an anonymous tip line for complaints about employees misusing data after its investigation in 2018.The ride-hailing service's new security measures are similar to Uber's, which also issues warnings on employees' dashboard tools and trains staff on the proper ways to access user data.
You can read the full lawsuit below.