The U.S. Federal Trade Commission accused Ring of turning home security cameras into surveillance tools for employees and attackers alike. The complaint describes years of failures that exposed customers to spying, harassment, and abuse inside their own homes. This was not a hypothetical risk or an isolated incident. It was how Ring operated.
Ring marketed its products as tools for safety and peace of mind. In reality, the company allowed employees and contractors to access private video feeds with minimal restriction while failing to implement basic security measures that would have stopped attackers from taking control of cameras. Bedrooms, bathrooms, and children’s rooms were not exceptions.
Ring enabled internal spying
According to the FTC’s complaint, Ring failed to restrict employee and contractor access to customer videos. There were no effective controls to ensure that footage from inside private homes was accessed only when necessary. One employee viewed thousands of recordings belonging to female users over several months, including footage from bedrooms and bathrooms. The behavior continued until another employee happened to notice it.
Ring could not determine how many other employees had accessed private videos inappropriately because it failed to implement basic monitoring and audit controls. Customers were not meaningfully informed that human reviewers could watch their footage. Ring buried this reality in dense terms and privacy policies while continuing to promote its cameras as private and secure.
The FTC also found that Ring used customer videos to train algorithms without proper consent. As part of the order, Ring was required to delete videos, face embeddings, and any models or work products derived from unlawfully accessed footage. That requirement alone shows how deeply Ring treated private home surveillance as a resource rather than a responsibility.
Ring ignored known security threats
At the same time Ring allowed internal access to private footage, it failed to protect customer accounts from well-known attacks. Credential stuffing and brute force attacks were being used against Ring users as early as 2017. Ring was warned by its own employees, outside security researchers, and media reporting. It still failed to implement effective multi-factor authentication until years later.
As a result, hackers gained control of tens of thousands of Ring accounts. They accessed stored videos and live feeds and used the cameras’ two-way audio to harass and threaten users. According to the FTC, attackers screamed racist abuse at children, sexually harassed individuals, and threatened families with physical harm unless ransom was paid.
The FTC’s order forced Ring to pay $5.8 million in consumer refunds, delete unlawfully obtained data and models, and implement long-overdue privacy and security controls. The order also prohibited Ring from profiting from videos it accessed illegally.
Home security cameras demand absolute trust. Ring demonstrated that it does not deserve it. When a company allows employees to watch private homes and leaves systems open to attackers, the product is not security. It is surveillance sold on a subscription plan.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
When did the FTC take action against Ring
The FTC filed its complaint and proposed order against Ring in 2023.
Did Ring employees access private home footage
Yes. The FTC documented employees viewing videos from bedrooms and bathrooms without proper controls.
How did hackers take over Ring cameras
Through credential stuffing and brute force attacks that Ring failed to adequately prevent.
Were children affected by these failures
Yes. Hackers used compromised cameras to harass and threaten children in their rooms.
What penalties did Ring face
Ring was ordered to pay refunds, delete unlawfully derived data and models, and implement strict security controls.