Ring has responded to the US Senators demanding answers to the security issues it's facing in a letter, which was obtained by Motherboard. In it, the Amazon-owned company has admitted that it had to fire employees for watching customers' videos beyond what they were allowed to. Ring received the four complaints over the course of four years, and it opened an investigation for each one of them. While all the employees involved had the authority to view customer videos, Ring said they accessed or attempted to access data that "exceeded what was necessary for their job functions."
In addition to terminating the employees, Ring said it limited data access to smaller number of staff members. At the moment, only three employees can access stored customer videos. The company also clarified in the letter that while it gave an R&D team in Ukraine access to video data, that team can only watch publicly available videos and videos from employees, contractors and their friends who consented to be part of the program.
Ring recently pledged to beef up its security measures, most likely in response to all the flak it's gotten over various security issues. Motherboard discovered last year that Ring makes its security video footage available to local police, and it's also facing a lawsuit due a series of hacks that allowed infiltrators to digitally harass device owners. One of its recent efforts is requiring new signups to activate two-factor authentication -- a move that's nowhere near good enough for Senator Ron Wyden.
The Senator said in a statement:
"Requiring two-factor for new accounts is a step in the right direction, but there are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers. Amazon needs to go further -- by protecting all Ring devices with two-factor authentication. It is also disturbing to learn that Ring's encryption of user videos lags behind other companies, who ensure that only users have the encryption keys to access their data."
Update 01/09/20 7PM ET: A Ring spokesperson told us in a statement:
"Privacy, security, and user control will always be paramount as we pursue and improve technologies that help achieve our mission of helping to make neighborhoods safer. We take the protection of customer data very seriously and are always looking for ways to improve our security measures.
At CES, we announced Ring will be making two-factor authentication opt-in by default for new account and device setups, even on existing accounts. We also shared details about our new Control Center which will initially enable Ring users to see and manage their connected mobile, desktop and tablet devices, third-party services, as well as enable customers to opt-out of receiving video requests in areas where local police have joined the Neighbors app. These are just a few examples of the many ways Ring is working to provide more transparency and control. We will continue to invest in rolling out enhanced security features to ensure that our users are protected.
Recently, we notified customers whose credentials we have identified as exposed as part of other companies' data breaches and have reset their passwords. In addition, we are continuing to monitor for and block potentially unauthorized login attempts into Ring accounts. We've also contacted all Ring customers, encouraging them to enable two-factor authentication, change their passwords, and follow these important best practices for keeping their accounts secure."