Amazon, Ring face $5 million proposed class action lawsuit that alleges camera 'vulnerable' to cyber-attacks

Several Ring customers have reported their camera systems were hacked.

December 27, 2019, 10:06 PM

Amazon and Ring were slapped with a $5 million proposed class action federal lawsuit Thursday that alleges their camera systems are vulnerable to cyberattacks.

Earlier this month, at least four families in Florida, Georgia, Mississippi and Texas reported that their Ring camera systems were compromised. In those cases, the customers say hackers tormented them with racial slurs, encouraged children into destructive behavior and demanded a ransom in Bitcoin.

But John Baker Orange, the lead plaintiff of the lawsuit, charges that there are "thousands of putative class members" around the world.

Orange, of Alabama, bought the Ring outdoor camera in July for $249 to add extra security for his wife and three young children, aged 7 to 10. As the children were playing basketball, an unknown voice came through the camera's two-way speaker commenting on their game and encouraging them to get closer to the camera, according to the lawsuit.

Regarding the multi-million dollar lawsuit, the California-based Ring LLC. told ABC News on Friday that it does not comment on legal matters.

People walk past the Amazon Spheres, in Seattle, on Jan. 29, 2018l.
AFP via Getty Images, FILE

Ring was released in 2015 and expanded to include indoor and outdoor cameras that feature video with two-way audio communications. The security product is "affordable, easy to install, simple to use," and is designed to operate through the customer's Wi-Fi network and has partnerships with law enforcement agencies around the country, according to the suit.

Amazon acquired Ring in February 2018 for $1 billion.

"Our mission to reduce crime in neighborhoods has been at the core of everything we do at Ring," Jamie Siminoff, CEO and chief inventor of Ring, said in a statement after the acquisition was completed in April 2018.

After the reports of back-to-back hacking incidents, Ring responded by placing "blame squarely on its customers" for using "weak passwords that have previously been compromised," the lawsuit charged.

An Inc. Ring indoor camera is displayed during an unveiling event at the company's headquarters in Seattle, Sept. 25, 2019.
Bloomberg via Getty Images, FILE

"Ring failed to meet this most basic obligation by not ensuring its Wi-Fi-enabled cameras were protected against cyber-attack," according to the lawsuit that was filed on Thursday in the U.S. District Court in the Central District of California. "Notably, Ring only required users enter a basic password and did not offer or did not compel two-factor authentication."

When reached for comment, Amazon referred ABC News to Ring, who said it does not comment on legal matters.

The lawsuit also charges that the Ring's "lax security" has become the subject of a podcast where hackers host live events where they "terrorize occupants for entertainment."

Ring, without commenting on any specific incident, defended the security of its products.

“Ring has not had a data breach. Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the company said in a statement Friday. “It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”

Ring said it notified customers whose accounts were exposed and reset their passwords. To help keep its products secure, the company said customers should enable two-factor authentication and change their passwords.

The lawsuit is seeking $5 million in damages for negligence, invasion of privacy, breach of the implied warranty of merchantability, breach of implied contract, unjust enrichment and violation of the unfair competition charges.

Related Topics