https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.
According to Gartner’s market researchers, global spending on IoT security will increase to $1.5 billion this year.
1,741 Comments
Tomi Engdahl says:
IoT security: Now dark web hackers are targeting internet-connected gas pumps
https://www.zdnet.com/article/iot-security-now-dark-web-hackers-are-targeting-internet-connected-gas-pumps/
As more and more devices get connected to the Internet of Things, researchers say compromising pumps has become a hot topic on cyber criminal forums.
Tomi Engdahl says:
IoT security laws and standards you must know and get ready to adhere to
https://firedome.io/blog/iot-security-laws-and-standards-you-must-know-and-get-ready-to-adhere-to/
The past decade has seen many efforts by various governing bodies to define and regulate what cybersecurity means in today’s market. In this article, I will outline the current state of cybersecurity law and standards, as it pertains to the IoT industry.
Tomi Engdahl says:
How a Hacked Light Bulb Could Lead to Your Bank Account Being Drained
https://observer.com/2019/09/cybersecurity-expert-asaf-ashkenazi-device-vulnerability-hacking/
Every connected device and system is hackable—it’s just a matter of time and hacker motivation
Tomi Engdahl says:
Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
https://threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/
Tomi Engdahl says:
Uncovering IoT Threats in the Cybercrime Underground
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-internet-of-things-in-the-cybercrime-underground
Tomi Engdahl says:
IoT Security Is Hard: Here’s What You Need To Know
https://hackaday.com/2017/04/21/iot-security-is-hard-heres-what-you-need-to-know/
Reverse Engineering of a Not-so-Secure IoT Device
https://mcuoneclipse.com/2019/05/26/reverse-engineering-of-a-not-so-secure-iot-device/
Tomi Engdahl says:
https://hackaday.com/2019/07/16/hacking-this-smart-bulb-is-almost-too-easy/
Tomi Engdahl says:
A detailed description of just how insecure some children’s GPS trackers proved to be, including the ability for anyone to query the child’s current location.
The secret life of GPS trackers (1/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/
GPS trackers are designed to bring you greater peace of mind by helping you to locate your kids, your pets, and even your car. They can help keep the elderly or disabled safe by providing them with a simple SOS button to call for immediate help. Many devices are marketed for these purposes on common sites like Amazon and eBay and can be purchased for $25-$50 USD, making them more financially attractive than using a smartphone for some of the same capabilities.
Tomi Engdahl says:
https://hackaday.com/2019/10/24/reverse-engineering-xiaomi-iot-firmware/
Tomi Engdahl says:
Understanding Elliptic Curve Cryptography And Embedded Security
https://hackaday.com/2019/07/04/understanding-elliptic-curve-cryptography-and-embedded-security/
We all know the usual jokes about the ‘S’ in ‘IoT’ standing for ‘Security’. It’s hardly a secret that security in embedded, networked devices (‘IoT devices’) is all too often a last-minute task that gets left to whichever intern was unfortunate enough to walk first into the office that day. Inspired by this situation, All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security.
In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC) which prevents anyone from brute-forcing the key. Barring any quantum computers, naturally.
https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/
Tomi Engdahl says:
ESP8266 And ESP32 WiFi Hacked!
https://hackaday.com/2019/09/05/esp8266-and-esp32-wifi-hacked/
Tomi Engdahl says:
Compiler Explorer, Explored
https://hackaday.com/2019/09/30/compiler-explorer-explored/
Tomi Engdahl says:
New Bluetooth 5 Channel Hopping Reverse Engineered For Jamming And Hijacking
https://hackaday.com/2019/08/10/new-bluetooth-5-channel-hopping-reverse-engineered-for-jamming-and-hijacking/
Tomi Engdahl says:
Researchers hack Siri, Alexa, and Google Home by shining lasers at them
MEMS mics respond to light as if it were sound. No one knows precisely why.
https://arstechnica.com/information-technology/2019/11/researchers-hack-siri-alexa-and-google-home-by-shining-lasers-at-them/
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible—and sometimes invisible—commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN.
centerpoint says:
Thanks for sharing, it’s so useful to know. Actually, for a long time, I have rarely read any information attractive enough to me. So I appreciate your post. Keep it up!
hateco says:
Yeah, I will bookmark this blog, it’s so awesome
Tomi Engdahl says:
https://www.uusiteknologia.fi/2019/11/26/naihin-tuotteisiin-ensimmaiset-tietoturvamerkit/
Tomi Engdahl says:
https://www.zdnet.com/article/this-aggressive-iot-malware-is-forcing-wi-fi-routers-to-join-its-botnet-army/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5dbaf0108021ed000132d25e&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
How to Write a Secure Code in C/C++ Programming Languages
https://pentestmag.com/write-secure-code-cc-programming-languages/
Tomi Engdahl says:
“Clapper made clear that the internet of things – the many devices like thermostats, cameras and other appliances that are increasingly connected to the internet – are providing ample opportunity for intelligence agencies to spy on targets, and possibly the masses”
https://www.theguardian.com/commentisfree/2016/feb/09/internet-of-things-smart-devices-spying-surveillance-us-government?
Tomi Engdahl says:
The Huge Security Problem With C/C++ And Why You Shouldn’t Use It
https://fossbytes.com/security-problem-with-c-c-and-why-you-shouldnt-use-it/
Bugs and exploits like Heartbleed, WannaCry, and Zero-Day might seem unrelated at first glance, but all of them stem from an issue that is common in popular coding languages like C and C++.
According to a report by Motherboard, this issue belongs to a category of errors called “memory unsafety,” which exists in decades-old programming languages like C/C++.
The Internet Has a Huge C/C++ Problem and Developers Don’t Want to Deal With It
https://www.vice.com/en_us/article/a3mgxb/the-internet-has-a-huge-cc-problem-and-developers-dont-want-to-deal-with-it
What do Heartbleed, WannaCry, and million dollar iPhone bugs have in common?
Tomi Engdahl says:
https://lightcommands.com/
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
Tomi Engdahl says:
Pentesting an IOT Based Biometric Attendance Device
https://pentestmag.com/pentesting-an-iot-based-biometric-attendance-device/
Tomi Engdahl says:
If You Have an Amazon Echo or Google Home, the FBI Has Some Urgent Advice for You
You might have to do a little work with your internet of things devices to stay secure
https://www.inc.com/chris-matyszczyk/if-you-have-an-amazon-echo-or-google-home-fbi-has-some-urgent-advice-for-you.html?cid=sf01002
Tomi Engdahl says:
A Trillion Security Risks
Why an explosion in IoT devices significantly raises the threat level.
https://semiengineering.com/a-trillion-security-risks/
Tomi Engdahl says:
SecureRF is changing its name to Veridify Security Inc. The company says the new name reflects an expanding role in securing the industrial IoT, automotive, smart building, device management and secure supply chain markets. Because IoT devices are now running on 32, 16, and 8-bit processors, the company has outgrown its old name, which derives from its work to secure very low-resource radio frequency (RF) devices and sensors, including BLE and NFC. The company, however, will continue to serve the low-resource RF market.
SecureRF Announces Corporate Name Change to Veridify Security to Reflect Growing Commitment to IoT Security
https://veridify.com/press-release/securerf-announces-corporate-name-change-to-veridify-security/
Tomi Engdahl says:
How Panasonic is using internet honeypots to improve IoT device security
https://www.zdnet.com/article/how-panasonic-is-using-internet-honeypots-to-improve-iot-device-security/
Researchers at the electronics and home-appliance manufacturer leave
connected devices open to the internet in a controlled environment -
and watch how hackers attempt to attack them. Electronics and
home-appliance manufacturer Panasonic has detailed how it has
strengthened the security of its Internet of Things devices by
connecting them to internet honeypots and allowing hackers to try and
take them over. The global corporation uses two specially built
honeypot sites that have the effect of exposing devices to the
internet, to lure cyber criminals into attacking the devices. The
products being tested like this range from IP cameras to connected
home appliances like fridges and other kitchen products
Tomi Engdahl says:
KeyWe Smart Lock unauthorized access and traffic interception
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
The KeyWe smart lock suffers from multiple design flaws resulting in
an unauthenticated – potentially malicious – actor being able to
intercept and decrypt traffic coming from a legitimate user. This
traffic – as described below – can then be used to execute actions
(such as opening/closing the lock, denial of service, silencing the
lock etc.) on behalf of the owner. An attacker could exploit this
vulnerability by intercepting any legitimate communications to steal
the key and unlock the door at any point remotely. Communication
messages between a legitimate application and the lock are transported
using Bluetooth Low Energy. Before sending they are encrypted using
AES-128-ECB with a random 2B (two-byte) prefix (functioning as a
replacement for an Initialization Vector) thus disallowing a third
party to easily eavesdrop and tamper with commands originating from
the legitimate parties. The key generation process is, however,
affected by a serious flaw. Read also:
https://www.theregister.co.uk/2019/12/11/f_secure_keywe/ and
https://www.tivi.fi/uutiset/tv/d06ba2bd-3e64-4666-a382-ce5def3c7985
Tomi Engdahl says:
Man hacks Ring camera in 8-year-old girl’s bedroom, taunts her: ‘I’m Santa Claus’
The hacker also played music and told the girl to mess up her room and break her television.
https://www.nbcnews.com/news/us-news/man-hacks-ring-camera-8-year-old-girl-s-bedroom-n1100586
A Tennessee family said someone hacked a Ring security camera set up in their children’s bedroom and taunted their 8-year-old daughter.
The LeMay family, of Memphis, said they installed the device to keep an eye on their daughters. A few days later, the family said a stranger had gained access to the device and was talking to the little girl.
“They could have seen all kinds of things,”
Ring told NBC News in a statement that, “While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.”
Earlier this month, a Florida family said someone hacked their Ring device and spewed racial slurs at their 15-year-old son.
In January, an Illinois family said a stranger hacked into their Nest home security camera and thermostat.
During that incident, Google, which owns Nest, told the outlet that its systems were not breached and customers were “using compromised passwords” that were exposed in breaches on other websites.
Tomi Engdahl says:
This is a sad situation on many fronts.
Tomi Engdahl says:
Manufacturer's utterly senseless design: a shocking security hole in
smartwatches
https://www.tivi.fi/uutiset/tv/0e4b2001-f713-4bf2-b4dc-b258396c4677
Security researchers found a vulnerability in children's smartwatches
that lets anyone track a child's movements. A serious vulnerability has
been found in three randomly selected children's smartwatches, Fortune
reports. The vulnerability makes it possible for anyone, rather than the
child's guardian, to control the smartwatch's settings.
https://fortune.com/2019/12/11/security-flaws-smartwatches-amazon-strangers-track-kids/
Tomi Engdahl says:
https://gizmodo.com/ring-user-blocks-400k-bitcoin-extortion-attempt-by-tak-1840388093
“This is Ring support,” the voice said, laughing.
Then the hacker got to business. “We would like to notify you that your account has been terminated by a hacker,”
“Pay this 50 Bitcoin ransom or you will get terminated yourself.”
According to WFAA, the hacker then took control of the 28-year-old woman’s doorbell camera then said, “I’m outside your front door.”
“Very scary to hear a threat shouted over the camera for a ransom,” Amador told WFAA. “The fact that the person was watching and we don’t know for how long is even scarier.”
But Amador did not pay the Bitcoin bounty, worth about $400,000. Instead, she simply took the batteries out of her Ring.
Tomi Engdahl says:
“I felt betrayed by our security company,” Amador told WFAA. “I feel like we were treated like another dollar and that we didn’t matter.”
Amador has kept the devices off since the unsettling incident. “Everything is shut off and until there is a safer alternative, we don’t want to keep using Ring,” Amador told WFAA. “At the time there is no trust in the company.”
https://gizmodo.com/ring-user-blocks-400k-bitcoin-extortion-attempt-by-tak-1840388093
Tomi Engdahl says:
Pull the plug
https://www.reddit.com/r/cybersecurity/comments/e9tpyt/everyone_say_it_with_me_now_turn_on_2fa_amazon/?utm_medium=android_app&utm_source=share
Tomi Engdahl says:
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast?utm_source=vicenewsfacebook
In the NulledCast hackers livestream the harassment of Ring camera owners after accessing their devices. Hundreds of people can listen.
podcast posted to a hacking forum called Nulled reads. “Join us as we go on completely random tangents such as; Ring & Nest Trolling, telling shelter owners we killed a kitten, Nulled drama, and more ridiculous topics. Be sure to join our Discord to watch the shows live.”
Software to hack Ring cameras has recently become popular on the forum. The software churns through previously compromised email addresses and passwords to break into Ring cameras at scale.
Tomi Engdahl says:
This terrifying footage shows how several families’ Ring security systems fell into the hands of hackers
https://www.facebook.com/341163402640457/posts/3045469045543199/
Tomi Engdahl says:
Echobot IoT Botnet Casts a Wide Net with Raft of Exploit Additions
https://threatpost.com/echobot-iot-botnet-exploit-additions/151154/
A variant of the Mirai Internet of Things (IoT) botnet known as
Echobot has added 13 more vulnerability exploits to its bag of
infiltration tricks, according to researchers. These target a range of
devices, including routers, firewalls, IP cameras, server management
utilities, a programmable logic controller used in industrial
environments, an online payment system and even a Yachtcontrol web
application.
Tomi Engdahl says:
Over 435K Security Certs Can Be Compromised With Less Than $3,000
https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/
After analyzing millions of RSA keys and certificates generated on low
entropy lightweight IoT devices, security researchers at Keyfactor
discovered that more than 435,000 of them shared their prime factors
making it easy to derive their private key and compromise them. RSA
keys are derived from random prime numbers (prime factors) and are
used to securely transfer data to a remote source by encrypting it
with the publicly available key, a process that only allows the remote
source to decrypt the information using a private key. Also:
https://www.theregister.co.uk/2019/12/16/internet_of_crap_encryption/
Tomi Engdahl says:
Talos Vulnerability Discovery Year in Review 2019
https://blog.talosintelligence.com/2019/12/vulnerability-discovery-2019.html
Cisco Talos’ Systems Security Research Team investigates software,
operating system, IoT and ICS vulnerabilities to make sure we find
vulnerabilities before the bad guys do. We provide this information to
the affected vendors so that they can create patches and protect their
customers as soon as possible. We strive to improve the security of
our customers with detection content, which protects them while the
vendor is creating, testing, and delivering the patch.
Tomi Engdahl says:
How to Silently Hack a Smart Speaker
https://spectrum.ieee.org/tech-talk/consumer-electronics/audiovideo/how-to-silently-hack-a-voice-assistance-system
“Okay, Google. Turn the volume up to max.”
Imagine if this voice command was applied to your Google Home system without you hearing it. A group of researchers in Japan have shown that this is possible, by using strategically placed speakers that emit ultrasound to hack voice-assisted devices.
The results suggest that attacks from 3.5 meters are the most successful, but the hallway experiments show that this technique is effective from distances as far as 12 m.
Tomi Engdahl says:
Alexa, Google Home Eavesdropping Hack Not Yet Fixed
https://threatpost.com/alexa-google-home-eavesdropping-hack-not-yet-fixed/151164/
Researchers say that Amazon and Google need to focus on weeding out
malicious skills from the get-go, rather than after they are already
live. Months after researchers disclosed a new way to exploit Alexa
and Google Home smart speakers to spy on users, those same researchers
now warn that Amazon and Google have yet to create effective ways to
prevent the eavesdropping hack.
Tomi Engdahl says:
Weak Crypto Practice Undermining IoT Device Security
https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636
Keyfactor says it was able to break nearly 250,000 distinct RSA keys
– many associated with routers, wireless access points, and other
Internet-connected devices. A failure by many IoT device manufacturers
to follow cryptographic best practices is leaving a high proportion of
the devices vulnerable to attack, researchers warn. Researchers at
Keyfactor recently collected some 175 million RSA certificates and
keys from the Internet using a proprietary SSL/TLS certificate
discovery process and then analyzed the data using a particular
mathematical method. The analysis showed that roughly 435,000 of the
RSA certificates analyzed – or roughly 1 in every 172 active
certificates – were vulnerable to compromise or attack. A high percentage
of the weak certificates belonged to routers, modems, firewalls, and
other network devices. Other potentially impacted devices included
cars and medical implants.
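Why shared prime factors matter, as an added example (not code from Keyfactor or the linked articles; the page only says their analysis used "a particular mathematical method"): if two RSA moduli share a prime, a greatest-common-divisor computation exposes it, so a device fleet's public moduli can be audited for this weakness. The sketch below generalizes the pairwise check to a batch GCD over a whole inventory using a product tree and remainder tree; the function names and the tiny sample moduli are constructed for illustration.

```python
from math import gcd, prod

# Constructed toy moduli (real RSA moduli are 2048+ bits). The first two
# share the prime 101, as two devices with poor boot-time entropy might.
SAMPLE_MODULI = [
    101 * 103,   # device A
    101 * 107,   # device B (shares 101 with A)
    109 * 113,   # device C
    127 * 131,   # device D
    109 * 113,   # same key as C seen twice: a reuse problem, not a GCD hit
]


def product_tree(values):
    """Build levels of pairwise products; the last level is [product of all]."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def shared_factor_audit(moduli):
    """Return {modulus: g} for every modulus sharing a factor g > 1 with
    some other distinct modulus in the inventory.

    For each n this computes gcd(n, P / n) where P is the product of all
    distinct moduli, without ever dividing P directly: P is pushed down a
    remainder tree modulo the square of each node, so the leaf value is
    P mod n^2, and (P mod n^2) // n equals (P / n) mod n.
    """
    unique = sorted(set(moduli))   # exact duplicates would trivially "share"
    if len(unique) < 2:
        return {}
    tree = product_tree(unique)
    rems = tree.pop()              # top of the tree: [P]
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    findings = {}
    for n, r in zip(unique, rems):
        g = gcd(n, r // n)
        if g > 1:
            # g == n means both primes of n also occur in other moduli.
            findings[n] = g
    return findings


if __name__ == "__main__":
    for modulus, factor in shared_factor_audit(SAMPLE_MODULI).items():
        print(f"modulus {modulus} shares factor {factor}: reissue this key")
```

Any modulus reported here should be treated as compromised and its key pair regenerated on a device with a properly seeded random number generator.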
Tomi Engdahl says:
Joseph Cox / VICE:
Ring device testing shows it lacks safeguards that would deter credential stuffing and brute force attacks, making 2FA a key part of securing accounts — It’s not so much being watched. It’s that I don’t really know if I’m being watched or not. — From across the other side of the world …
We Tested Ring’s Security. It’s Awful
Ring lacks basic security features, making it easy for hackers to turn the company’s cameras against its customers.
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
Tomi Engdahl says:
We Tested Ring’s Security. It’s Awful
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
Ring lacks basic security features, making it easy for hackers to turn
the company’s cameras against its customers. From across the other
side of the world, a colleague has just accessed my Ring account, and
in turn, a live-feed of a Ring camera in my apartment. He sent a
screenshot of me stretching, getting ready for work. Then a second
colleague accessed the camera from another country, and started
talking to me through the Ring device.
Tomi Engdahl says:
The IoT Evolution and the Technologies that Enable It
https://gateway.on24.com/wcc/eh/2072881/lp/2111295/the-iot-evolution-and-the-technologies-that-enable-it?partnerref=5GBC_EM_2111295&utm_rid=CPG05000002750211&utm_campaign=30536&utm_medium=email&elq2=69996b375fbf44b0990ab268424baaed&oly_enc_id=0452E0081834E9U
The rapid evolution of the Internet of Things is indisputable, with forecasts predicting that by the year 2022 there will be 1.5 billion IoT devices with cellular connections, roughly 70% of the wide-area category. There is no shortage of technologies evolving to enable the IoT, but which ones will provide the quality and efficiency IoT devices require? Each technology has their own characteristics, not to mention differing standards and keeping up can be a challenge. This webinar will bring you the latest on these technologies, focusing on recent advancements in standards and what that means when designing IoT devices.
Tomi Engdahl says:
Bricked IoT Devices Are Casualties Of Lax Semiconductor Security
How Silex malware gains entry into devices, and what it does after that.
https://semiengineering.com/bricked-iot-devices-are-casualties-of-lax-semiconductor-security/
This is because Silex is programmed to destroy an IoT device’s stored data and remove the network configuration. Silex accomplishes this by deliberately exploiting known default credentials, logging in and killing the system. More specifically, the destructive malware strain writes random data from /dev/random to any mounted storage it can identify. Silex subsequently deletes network configurations, runs rm -rf / to erase data and flushes iptables entries. Lastly, the malware writes an entry to terminate all active connections.
It is important to note that Silex is only one of many malware strains that actively targets devices with default or weak login credentials such as “admin” usernames and “1234” passwords. Put simply, malware like Silex continues to propagate because it is so successful at bricking a wide range of IoT devices by attacking unprotected system functions. Fortunately, a hardware-based root of trust can help protect against malware like Silex by ensuring robust remote access authentication and monitoring of anomalous system operation.
Tomi Engdahl says:
Flexible Hardware Enables Over-the-Air Updates for RF
A software-defined approach to design puts greater control in the hands of manufacturers, particularly when it’s delivered as a total solution.
https://www.electronicdesign.com/technologies/iot/article/21118688/flexible-hardware-enables-overtheair-updates-for-rf?utm_source=EG+ED+Analog+%26+Power+Source&utm_medium=email&utm_campaign=CPS191218050&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
The phrase “over the air,” often referred to as OTA, is now normally suffixed with the word “update,” which together imply that the way something operates can be changed remotely using wireless communications. OTA has become popularized by the Internet of Things (IoT), particularly in small endpoints that are wirelessly linked to a gateway or, in some cases, directly to the internet.
OTA gives manufacturers a way of modifying the operation of a device long after it’s been shipped. Sometimes this is to add premium features, but generally it’s a way to deliver bug fixes in the software or software compensation for deficiencies in hardware updates that improve its functionality or security.
Tomi Engdahl says:
Over 1,500 Ring passwords have been found on the dark web
https://tcrn.ch/2PDzQEf
A security researcher has found on the dark web 1,562 unique email addresses and passwords associated with Ring doorbell passwords.
The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site commonly used to share stolen passwords or illicit materials. A security researcher found the cache of email addresses and passwords, which can be used to log in to and access the cameras, as well as their time zone and the doorbell’s location, such as “driveway” or “front door.”
The researcher reported the findings to Amazon — which owns the Ring brand — but Amazon asked that the researcher not discuss their findings publicly.
At the time of writing, the dark web listing is still accessible.
A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users
https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
“This gives a potential attacker access to view cameras in somebody’s home — that’s a real serious potential invasion of privacy right there.”
Tomi Engdahl says:
https://pentestmag.com/iot-security-its-complicated/
Tomi Engdahl says:
Hackers keep dumping Ring credentials online ‘for the giggles’
Three caches of Ring user credentials have surfaced this week.
https://www.zdnet.com/article/hackers-keep-dumping-ring-credentials-online-for-the-giggles/
Over the past two weeks, hackers have published thousands of valid Ring camera account credentials on hacking forums and the dark web.
In most cases, they did it to gain a reputation in the hacking community, but also “for the giggles,” in the hopes that someone else would hack Ring users, hijack their accounts, play pranks, or record users in their homes.
These lists of credentials were compiled using a technique called credentials stuffing. Hackers used special tools and apps that took usernames and passwords leaked via data breaches at other sites and tested their validity against Ring’s account system.
The username-password combos that matched, they published online.
BuzzFeed reported yesterday about a list of 3,600+ Ring accounts. TechCrunch reported on another list of 1,500 Ring accounts. ZDNet also received the list that TechCrunch received.
The company said that of the 100,000 credentials only 4,000 entries were for valid Ring accounts. The company wasn’t aware of this particular list but said they’ve already reset passwords and notified account owners in the past
We tested many against the Have I Been Pwned service, and they were all listed in various breaches where combinations of emails and passwords had been leaked in the past.
Some of the Ring users from the list who we contacted confirmed they reused passwords
A Ring spokesperson told ZDNet yesterday that there was no breach of its internal servers, and from its side, the accounts are compromised due to credential stuffing attacks and because of users reusing passwords across online services.
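The credential stuffing pattern described in the comments above, seen from the service side, as an added example that is not part of the quoted articles or any vendor's code: one source tries many different accounts in a short time and mostly fails, which differs from a user mistyping a password or a brute-force run against one account. The log format, field names, thresholds and addresses below are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")

# Constructed sample auth log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2019-12-19T10:00:01Z ip=203.0.113.7 user=alice@example.com result=fail
2019-12-19T10:00:02Z ip=203.0.113.7 user=bob@example.com result=fail
2019-12-19T10:00:03Z ip=203.0.113.7 user=carol@example.com result=fail
2019-12-19T10:00:04Z ip=203.0.113.7 user=dana@example.com result=ok
2019-12-19T10:00:05Z ip=203.0.113.7 user=erin@example.com result=fail
2019-12-19T10:00:06Z ip=203.0.113.7 user=frank@example.com result=fail
2019-12-19T10:01:00Z ip=198.51.100.20 user=bob@example.com result=fail
2019-12-19T10:01:10Z ip=198.51.100.20 user=bob@example.com result=fail
2019-12-19T10:01:25Z ip=198.51.100.20 user=bob@example.com result=ok
2019-12-19T10:02:00Z ip=192.0.2.50 user=carol@example.com result=fail
2019-12-19T10:02:01Z ip=192.0.2.50 user=carol@example.com result=fail
2019-12-19T10:02:02Z ip=192.0.2.50 user=carol@example.com result=fail
2019-12-19T10:02:03Z ip=192.0.2.50 user=carol@example.com result=fail
""".splitlines()


def parse(line):
    """Return (timestamp, ip, user, succeeded) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, result = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, user.lower(), result == "ok"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_accounts=5, max_success_ratio=0.2):
    """Flag sources that touch many distinct accounts inside `window` with a
    low success rate. Returns {ip: [accounts that source logged in to]} so
    responders know which passwords to reset first."""
    events = sorted(e for e in map(parse, lines) if e)
    recent = defaultdict(deque)   # per-source sliding window of attempts
    flagged = set()
    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        accounts = {u for _, u, _ in q}
        successes = sum(1 for _, _, s in q if s)
        if len(accounts) >= min_accounts and successes / len(q) <= max_success_ratio:
            flagged.add(ip)
    # A success from a flagged source means a reused password worked.
    return {
        ip: sorted({u for _, i, u, ok in events if i == ip and ok})
        for ip in flagged
    }


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: likely credential stuffing; reset {accounts}")
```

The single-account brute-force source (192.0.2.50) is deliberately not matched by this rule and needs a per-account failure limit; per-source counting also misses attempts spread across many addresses, which is where 2FA and breached-password checks carry the load.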