Amazon Ring security camera data left unprotected on the open web

The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research and development team to a folder on Amazon's S3 cloud service that held, unencrypted, every video Ring cameras around the world had recorded in order to compensate for weaknesses in its facial and object recognition software. By 2019, a team of humans was still watching and annotating customer video, both external and internal to help its Neighbors system function, though without notifying customers. Ring also granted its US executives and engineers privileged access to the company's technical support portal, which would have given them at-will access to some customers' live feeds.
Writer: Sam Biddle
Publication: Intercept