cybersecurityTechnology · 2023

Amazon.com Inc. (Ring)

Ring, Amazon's home security camera subsidiary, agreed to pay $5.8 million after the FTC found it allowed employees and contractors unrestricted access to customers' private video footage — including intimate indoor cameras — and failed to implement security controls that enabled credential-stuffing attacks against thousands of customer accounts. The FTC characterised Ring's internal culture as 'anything goes' with respect to employee access to sensitive footage, including a Ukraine-based contractor allowed to view thousands of recordings without any purpose limitation or security review.

Fine Imposed€5.3M

Authority

FTC-US

Regulation

FTC Act Section 5 — Unfair or Deceptive Acts or Practices

Max fine$51,744 per violation per day for post-order violations; initial enforcement via consent orders without direct fines

Statusactive

Key Takeaways

Consumer security camera companies must implement strict access controls, audit logging, and purpose-limitation for all employee and contractor access to customer video — treating intimate home footage as a freely accessible product resource constitutes an unfair practice under FTC Act Section 5.