And, now, in another scary case, a cache of more than 3,500 log-in credentials for Amazon's Ring cameras have been exposed online.
Here's all you need to know about it.
3,672 Ring camera emails, passwords posted online
The database, first reported by BuzzFeed News, contained information on as many as 3,672 Ring camera owners.
This included a range of data, including their unique email addresses, passwords, time zones, and the names given to specific cameras (like kitchen or front door).
Notably, TechCrunchalso reported the discovery of a similar-looking database, albeit with just 1,562 records, on a dark web text-sharing site.
This poses a major threat to security of Ring owners
While TechCrunch's database also had email-password combinations, it remains unclear if the records in it are exactly similar to those reported by BuzzFeed.
Either way, the data in question is extremely critical, as a threat actor could use it to log into Ring owners' accounts and access the live camera footage, historical recordings or other information like home address, phone number, and payment data.
No word on how this information was exposed
So far, there's no evidence indicating when or how Ring camera owners' log-in credentials were exposed.
The Amazon-owned company, on its part, has distanced itself saying that there was no breach on its side.
"Ring has not had a data breach," it said. "Our security team has investigated these incidents, and we have no evidence of an unauthorized intrusion or compromise of Ring's systems."
Ring: Perhaps, it is information from some other company's breach
"It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services," the company added while throwing the blame for the leak around.
Still, the company is notifying some affected users
Amazon emphasized that its security hasn't been breached but also accepted that some of its customers have been exposed.
In a statement toThe Verge, the company said it is notifying the affected users and resetting their passwords as a precautionary step.
However, the weird thing is, not every individual whose records were exposed received the security alert from Ring.
Enable two-factor authentication for account security
As it remains unclear how this information was exposed, we'd recommend upgrading the security of your Ring account by enabling two-factor authentication and choosing a password created by a reliable password manager.
With these steps, hackers won't be able to carry out brute force attacks, which is exactly what, Amazon says, the email-passwords combinations from 'other company's data breaches' have been shared for.