A family in DeSoto County, Mississippi, bought a Ring security camera so they could keep an eye on their three young girls in their bedroom. Four days later, they learned that a hacker had broken into the camera and subjected their children to continuous bedroom surveillance, taunting the children through the camera's built-in speaker.
Ring blamed the break-in on the failure of the family to turn on two-factor authentication, using a weak password, and failing to change passwords (these are all good ideas, except for frequently changing passwords, which just leads to weaker password quality — but they're also things that almost no one does).
Motherboard identified several crime-forums where hackers were trading automated tools to break into Ring cameras, using credential-stuffing attacks (previously), which involve trying a succession of leaked username/password combos until you find one that has been recycled on the service you're trying to break into. These tools sell for as little as $6.
Other Ring camera owners have faced similar privacy invasions, including a family in Florida that was subjected to a string of racial abuse through their cameras' speakers.
Using good passwords and 2FA is good advice, but better advice is to never put networked cameras or microphones in your home, ever.
In a video obtained by WMC5 courtesy of the family, you can see what the hacker would have seen: A viewpoint that looms over the entire room from where the camera is installed in a far corner, looking down on their beds and dressers while they play. The hacker is heard playing the song "Tiptoe Through the Tulips" through the device's speakers, and when one of the daughters, who is eight years old, stops and asks who's there, the hacker says, "It's Santa. It's your best friend."
How Hackers Are Breaking Into Ring Cameras [Joseph Cox and Samantha Cole/Motherboard]