Someone gained access to the Ring security camera of a Mississippi family and used the speaker feature to harass their 8-year-old daughter, telling her he was Santa Claus and encouraging her to destroy the room.
The horrifying ordeal is one of several recent incidents in which hackers have figure out a way to log into Ring accounts without the user’s knowledge.
Ashley LeMay told CNN affiliate WMC she installed the camera in her daughters’ room so she could watch over them while she works overnight nursing shifts. “I did a lot of research on these before I got them. You know, I really felt like it was safe,” she told the affiliate.
The intrusion happened just four days after she installed it when she was running an errand and her husband was at home with the kids.
When her daughter Alyssa heard noises coming from her bedroom, the child went in to see what it was.
The Ring camera footage, obtained by WMC, shows Alyssa standing nervously in her room while Tiny Tim’s rendition of “Tiptoe through the Tulips,” a warbling song featured in the horror movie “Insidious,” plays over the camera’s speaker.
“Who is that,” Alyssa asks, after a man’s voice fills her room.
“I’m your best friend. I’m Santa Claus,” the voice says. “I’m Santa Claus. Don’t you want to be my best friend?”
WMC reported the unidentified person continued to harass the girl, taunting her and encouraging her to destroy her room.
“I watched the video and I mean my heart just like … I didn’t even get to the end where she is screaming ‘Mommy, mommy’ before I like ran inside,” LeMay said.
In a statement sent to CNN, Ring said the hacker did not gain access through a data breach or compromise of Ring’s security. Instead, the person likely took advantage of the family’s weak account security.
“Customer trust is important to us and we take the security of our devices seriously,” the statement said. “We have investigated this incident and can confirm it is in no way related to a breach or compromise of Ring’s security.”
According to the statement, Ring users “often use the same username and password for their various accounts and subscriptions.” If those were to fall into the wrong hands, those devices could be compromised.
“As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords,” the statement said.
Ashley told WMC she had not set up two-factor authentication on her device.
Others have been hacked and harassed
There were at least three other instances in the past week alone involving Ring devices.
On Wednesday morning, a father in Nebraska was shocked to hear a voice talking to his daughter through the Ring camera on their kitchen counter. He told CNN affiliate WOWT that he immediately unplugged the device and called Ring, who told him a third-party device had logged into his account.
Earlier this week, an Atlanta woman was in her bed when a man’s voice came over her bedroom Ring camera, yelling that he could see her and demanding that she wake up, CNN affiliate WSB-TV reported.
On Sunday night in Florida, a Cape Coral couple was harassed by a person over their Ring camera who made racist comments about their biracial family, revealing that he had likely been watching them for days.
On each of these occasions, Ring said the system invasion was not the result of a breach or failure of Ring’s security. Instead, the hacker had likely gained access to the family’s account through weak or stolen login credentials.
How to avoid being a victim
Most customers, called “neighbors” by Ring, buy the cameras hoping to get the peace of mind and protection the company advertises.
Steps can be taken to protect your personal data and make it more difficult for unknown people to gain access to your accounts.
Practicing good security habits with strong and unique passwords is the first step towards strengthening your account security.
Change default password immediately and avoid using phrases or dates that are significant to you, like birthdays or relatives’ names.
Remembering multiple passwords is difficult, but password managers like 1Password or LastPass can help you keep your passwords secure but on hand for when you need to use them.
Two-factor or two-step authentication, like Ring encourages its users to set up, adds an additional layer of security on your accounts.
Two-step authentication involves a user entering a password followed by a prompt to either enter a code sent via text or email, swipe a fingerprint or provide another way to prove their identity.
An earlier version of this story misidentified the state where the LeMay family lives. They live in Mississippi.