Hackers dumping Ring credentials online 'for laughs': In the last two weeks, hackers have published thousands of valid Ring camera account credentials on hacking forums and the dark web.

In most cases, they did so to gain a reputation in the hacker community, but also "for laughs", in the hopes that someone else would hack into Ring users' accounts and play pranks on or record users at home.

These credential lists were compiled using a technique called credential stuffing. Hackers used special tools and applications that took usernames and passwords leaked through data breaches elsewhere and tested their validity against Ring's account system.

The matching username and password combos were published online. In some cases, the hackers also published the tools they used, to let other hackers try it.

BuzzFeed reported on a list of more than 3,600 Ring accounts yesterday. TechCrunch reported on another list of 1,500 Ring accounts. ZDNet also received the list from TechCrunch.

ZDNet's tipster said he notified Ring about the problem earlier this week, and the company has begun resetting passwords and notifying customers.

ZDNet also received links to three other instances where hackers had compiled lists of Ring account credentials, which they posted online to boost their reputation among peers.

Two of those lists were removed by the service provider where they were uploaded. The last one was a list that claimed to have credentials for 100,000 Ring accounts.

ZDNet shared the list with Ring's security team. The company said that of the 100,000 credentials, only 4,000 entries were for real Ring accounts. The company had not been aware of this particular list, but said it had already reset passwords and notified the account owners in the past, suggesting that other hackers had previously identified these same accounts.

The origin of this data was also, without a doubt, credential stuffing. All email addresses that ZDNet tested had been exposed in breaches of other services.

We tested many against the Have I Been Pwned service, and they were all listed in a number of past breaches that exposed email and password combinations.

Some of the Ring users on the list whom we contacted confirmed that they reused passwords. Some said they had changed their passwords on their own after reading about Ring security camera hacks in a number of places online. Some were still using the passwords and changed them after we contacted them.

In addition, the hacker who posted the 100k account list had also previously published a "Ring Configuration" for OpenBullet, a tool used to automate credential stuffing attacks.

The list of 100k Ring accounts was published online on December 11, the same day that Vice published an article on the emergence of tools for hacking Ring accounts in underground hacking communities.

The next day, Vice released a report on how hackers were using these tools to get into Ring accounts and then scare, prank and record Ring camera users at home, recordings which they later shared in a Discord chat room, as part of a podcast called Nulledcast.

These two articles, and the others that went on to detail the Ring camera hacks, sparked interest on hacking forums in Ring-related hacks.

Posts from various underground forums show that users started soliciting and sharing valid Ring user credentials, along with tools for testing and hijacking accounts.

Hackers shared these lists while encouraging others to record Ring owners through their Ring cameras and to share the recordings "for laughs".

Others simply shared lists with the sole aim of maintaining or increasing their reputation, saying they always "deliver" what the community wants.

Cracked and Nulled, the two forums at the heart of both Vice articles, banned all Ring-related topics last week in an effort to avoid police inquiries, although both forums host other illegal or hacked content.

However, there are currently other online forums that have no problem harboring hackers who continue to trade in Ring-related hacking tools and compromised accounts.

A Ring spokesman told ZDNet yesterday that there was no breach of its internal servers and that, from its side, accounts are being compromised through credential stuffing attacks and users reusing passwords across their online accounts.

The company last week posted a blog post with basic tips on how Ring camera owners can protect their accounts and prevent hackers from hijacking accounts easily.

In a follow-up report this week, Vice said that Ring could do more by adding security features to its user account system, such as support for a CAPTCHA to prevent automated attacks or a flag when more than one person is logged into an account, to help users detect intrusions.
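
One way a login service could spot the automated testing of leaked credentials described above, decide which sources to challenge with a CAPTCHA, and find the accounts that need a reset. This is an added example, not code from the article or from Ring; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample login log (assumed format: timestamp source_ip account result).
SAMPLE_LOG = """\
2019-12-11T10:00:01Z 203.0.113.7 user1@example.com FAIL
2019-12-11T10:00:01Z 203.0.113.7 user2@example.com FAIL
2019-12-11T10:00:02Z 203.0.113.7 user3@example.com OK
2019-12-11T10:00:02Z 203.0.113.7 user4@example.com FAIL
2019-12-11T10:00:03Z 203.0.113.7 user5@example.com FAIL
2019-12-11T10:00:03Z 203.0.113.7 user6@example.com FAIL
2019-12-11T10:05:10Z 198.51.100.20 owner@example.com FAIL
2019-12-11T10:05:25Z 198.51.100.20 owner@example.com OK
2019-12-11T18:30:00Z 198.51.100.20 user3@example.com OK
"""

def parse(log):
    """Yield (source_ip, account, success) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Sources that try many distinct accounts and mostly fail (assumed thresholds)."""
    accounts, attempts, successes = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, account, ok in events:
        accounts[ip].add(account)
        attempts[ip] += 1
        successes[ip] += ok
    return {ip for ip in attempts
            if len(accounts[ip]) >= min_accounts
            and successes[ip] / attempts[ip] <= max_success_ratio}

def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged into: reset the password, notify the owner."""
    return sorted({account for ip, account, ok in events if ok and ip in flagged})

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    flagged = stuffing_sources(events)
    print("challenge with CAPTCHA or rate-limit:", sorted(flagged))
    print("reset and notify:", accounts_to_reset(events, flagged))
```

Per-source counting misses attempts spread across many proxies, so a service-wide failure-rate check is a useful complement.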

Ring is not the only company that has little protection against credential stuffing attacks.