Amazon’s Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers’ private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos.
The FTC is now sending refunds totaling more than $5.6 million to US consumers as a result of the settlement. Ring LLC, which was purchased by Amazon in February 2018, sells internet-connected, home security cameras and video doorbells.
Read more…
Source: Malwarebytes Labs
Related:
- Personal data of 16 million Brazilian COVID-19 patients exposed online
November 26, 2020
The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data ...
- Sophos notifies customers of data exposure after database misconfiguration
November 26, 2020
UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email sent to customers and ...
- Ransomware hits largest US fertility network, patient data stolen
November 26, 2020
US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its ...
- Android chat app with 100 million installs exposes private messages
November 19, 2020
GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago. The ...
- Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
November 19, 2020
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by researchers, in particular targets vacuums with LiDAR sensors, as the name ...
- German COVID-19 Contact-Tracing Vulnerability Allowed RCE
November 19, 2020
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security Labs were chasing down RCE vulnerabilities on the platform and found one in the infrastructure ...