Smart doorbell company Ring allowed employees to share unencrypted customer videos with each other, according to reports by both The Intercept and The Information.
The reports say that Ring, which was purchased by Amazon last year, gave various teams access to unencrypted customer video files on company servers and live feeds from some customer cameras, regardless of whether that access was necessary.
The reports say that this behavior began in 2016, when Ring founder Jamie Siminoff moved the company’s efforts from San Francisco to Ukraine to save money.
Sources tell The Information that for months after the Ukraine office was opened, videos were frequently transmitted without encryption.
In addition, the company provided its R team in Ukraine with virtually unrestricted access to a folder on the company’s Amazon’s S3 cloud storage instance containing every Ring customer video.
These videos were unencrypted, and could be easily downloaded and shared.