Amazon’s Ring Security Camera feeds were watched by employees

A report from the Intercept tells the story of unencrypted access and the abuse of customer trust.

A report from The Intercept details how Ring, the security company now owned by everyone’s favorite big brother Amazon, allowed lax security policies and cavalier attitude towards privacy led teams that didn’t need heightened levels of access to view unencrypted video feeds from customer cameras. According to the report, the activity began once Ring moved from San Francisco to Ukraine in 2016.

*Side note. Feel like that should’ve been a sign right there. Most companies would probably move to Austin, Texas; or somewhere in the midwest. Jamie Siminoff was like UKRAINE.

The Ring team in Ukraine was granted this access because the companies AI was underperforming and they needed manual data operators to tag items in the video. A report from The Information specified how the access was there even from the employee's homes. This was due to the footage being stored on Amazon’s S3 cloud storage in a folder, THAT HAD EVERY RING CUSTOMER VIDEO.

Personally, I don’t have Ring. I trusted another company with my security needs. But, if you’re a person who has cameras inside your home and you assume companies that provide you cloud storage and alerting are just going to be careful because well, why shouldn’t they, you’re a fool.

The source told the Intercept that: “If [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.” The source also recounted instances of Ring engineers “teasing each other about who they brought home” after romantic dates.”

Ring responded to the report saying that they only allowed employees to watch the feeds that were published in Ring’s community app called Neighbors:

We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring videos. These videos are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes.

We have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.

Even if, the Neighbors app was the only aspect of the company that the employees had access too, the incredibly strange policies and lack of concrete evidence that this didn’t happen is concerning.

If you enjoyed this piece, give it a few claps 👏 👏 so others see it too!

If you’d like to support the Unprofessionals, you can do so here or you can follow the Unprofessionals on Medium or Twitter.