John Baker Orange of Alabama has filed a class-action lawsuit against Ring and its parent company Amazon. It claims the companies didn’t do enough to secure their camera systems against cyberattacks.
Orange said he bought the Ring outdoor camera in July to add extra security for his wife and three young children. When their two kids were playing basketball, a strange voice came through the camera’s speakers and addressed the children.
“Recently, Mr. Orange’s children were playing basketball when a voice came on through the camera’s two-way speaker system,” the lawsuit explains. “An unknown person engaged with Mr. Orange’s children, commenting on their basketball play and encouraging them to get closer to the camera.”
At least four other families reported earlier this month that their Ring camera systems were compromised. They claim that hackers harassed them with racial slurs, encouraged children to engage in destructive behavior and demanded a ransom in Bitcoin.
Ashley LeMay said that she purchased the camera to watch over her daughter while she was at work.
“I did a lot of research on these before I got them. You know, I really felt like it was safe,” she said.
A few days after she installed the camera, her daughter Alyssa heard a voice coming from her room. The video footage shows Tiny Tim’s “Tiptoe Through the Tulips” playing over the speakers before an unknown man started talking.
“I’m your best friend. I’m Santa Claus,” the voice said. “I’m Santa Claus. Don’t you want to be my best friend?”
The suit accused Ring of negligence, invasion of privacy, breach of the implied warranty, breach of the implied contract, unjust enrichment and violation of unfair competition law.
The lawsuit alleges that after hearing about the hacking incidents, Ring placed “blame squarely on its customers” for using “weak passwords that have previously been compromised.”
“Ring failed to meet this most basic obligation by not ensuring its Wi-Fi-enabled cameras were protected against cyber-attack,” the lawsuit claims. “Notably, Ring only required users enter a basic password and did not offer or did not compel two-factor authentication.”