According to the report, it seems that there is a flaw in the Ring app that even after the user changes their password, it wasn’t forcing them to sign in again. It seems that in one case, an ex-partner of a Ring user had been watching the camera for months even after the password had been changed.
Ring claims to have started kicking users out in January this year after the flaw was discovered, but The Information’s test claims that this window is still open, albeit it lasts for a few hours instead of being perpetual. Considering that the Ring doorbell is part of the home security services that Amazon has recently started offering, it obviously doesn’t paint it in a very good light.
Ring has since issued a statement that reads, “Ring values the trust our neighbors place in us and we are committed to the highest level of customer information and data security. We strongly recommend that customers never share their username or password. Instead, they should add family members and other users to their devices through Ring’s ‘Shared Users’ feature. This way, owners maintain control over who has access to their devices and can immediately remove users. Our team is taking additional steps to further improve the password change experience.”