Amazon has revealed that it fired four employees over the past four years for improperly accessing video data from users’ Ring security door bells.
The company has detailed the sackings in its response to questions from five Democratic senators in a November letter to Amazon following the disclosure of Wi-Fi security flaws in Ring devices a month earlier.
Ring has faced several controversies over privacy and security in recent months. Reports last year suggested that Ring workers in Ukraine could view users’ videos without their knowledge. And in December hackers dumped thousands of Ring user credentials online.
SEE: Digital transformation: A CXO’s guide (ZDNet special report) | Download the report as a PDF (TechRepublic)
Ring security was again in the spotlight last month after someone used compromised login credentials to remotely access a Ring device and shout obscenities at an eight-year-old girl in Mississippi.
Privacy advocates have also criticized Ring for its partnerships with dozens of US police departments in which citizens are offered free door bells in exchange for agreeing to provide video footage as part of a public-safety and surveillance program.
On top of these issues, Ring has been criticized for not requiring users to enable two-factor authentication and failing to alert users when a new device connects to an account.
The five senators questioned Ring about its video data retention and deletion practices, account security measures, and employee access to stored data.
Ring sent its response to the senators on Monday as it unveiled new a privacy and security Control Center in its mobile app, allowing users to manage connected devices, third-party service connections, and opt out of receiving video requests from local police departments. The company now also requires two-factor authentication but only for new products.
According to ZDNet sister site CNET, Ring told the senators that it had also started notifying people when new devices access their account and when passwords have been compromised.
SEE: Ring Smart Lighting review: Convenient and affordable home security products
US senator Ron Wyden was not impressed that Ring is only enabling two-factor authentication for new devices.
“Requiring two-factor for new accounts is a step in the right direction, but there are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers,” Wyden said.
“Amazon needs to go further – by protecting all Ring devices with two-factor authentication.”
Ring instead is leaving it up to existing customers to decide whether to enable two-factor authentication. Ring CEO Jamie Siminoff told CNET that enabling the additional security measure requires that users be logged out and that the company didn’t want to force logouts.
Ring told ZDNet that it has contacted all its customers to encourage them to enable two-factor authentication, change passwords, and follow best practices for keeping their accounts secure.
“Privacy, security, and user control will always be paramount as we pursue and improve technologies that help achieve our mission of helping to make neighborhoods safer,” a Ring spokesperson said.
“We take the protection of customer data very seriously and are always looking for ways to improve our security measures.”