The ALPHV ransomware gang is claiming that it is sitting on data from Amazon’s Ring network of personal security cameras, but Amazon has yet to confirm an internal breach and the criminals are not being forthcoming about exactly what they stole.
Amazon’s Ring is now the biggest name in doorbell and home security cameras in the United States, with a substantial business presence as well. Amazon has confirmed that a third party vendor has been hit with the BlackCat ransomware, known to be used by ALPHV, but has not yet confirmed that any of its own data was stolen.
Ransomware gang alludes to having Amazon data, but details are still foggy
Amazon’s Ring customer data is apparently safe, according to a statement from the company, but beyond that it is unclear what (if anything) might have been lost. Amazon has also not yet named the specific third party vendor that was breached, making it even tougher to validate the ransomware gang’s claims.
Other than personal information, the only threat to Amazon’s Ring customers might be the theft of their video. Ring offers end-to-end encryption with most of its video products, though end users also usually need to enable it manually. One would think that if private video was stolen, the ransomware gang would be quick to let the world know about it; the fact that it won’t be specific about data points to less sensitive internal corporate data being taken (if anything was).
Third party vendor confirmed to be breached, but Amazon’s Ring withholding details
Notice of Amazon’s Ring being breached first appeared on the ransomware gang’s dark web site used for extorting victims, but there is little information available beyond the short message posted there. ALPHV has become one of the more active ransomware gangs as of late, with some hits on prominent companies in 2022. However, it has also previously been caught exaggerating about breaches, and it has shown complete moral bankruptcy in its attacks on cancer centers and other patient care facilities.
Whoever the third party vendor is, Amazon would only say that they do not have access to customer records. However, the company has also closed ranks around providing public information on this breach to an unusual degree.
Some security analysts feel that there is reason for serious concern, despite Amazon’s statements downplaying the incident. Amazon is extremely unlikely to make a ransom payment, which means that any stolen data will likely be leaked to the dark web at some point. This could potentially include information that compromises home or business security systems, or sensitive video that could be used for blackmail.
Security issues with Amazon’s Ring system in the past have generally been centered on repeatable flaws in individual cameras or home networks, something that was a major issue in 2019. Some privacy advocates and security experts have also expressed concern at the level of access that Amazon grants to law enforcement agencies and its proactive partnerships with them, as well as its willingness to turn over private user video when presented with legally questionable warrants.