
Users of Ring are observing multiple notifications about account logins from unauthorized devices, dated May 28, 2025. Ring developers claim that this is due to an error during a backend update.
Many Ring users received notifications indicating that on May 28, 2025, there were logins to their accounts from unusual devices located around the world. Naturally, this led people to assume that their accounts had been compromised.
Last week, Ring representatives stated that they are aware of “a bug that caused previous login dates to incorrectly appear as May 28, 2025.” The company also updated the Ring status page, indicating that reports of unauthorized logins were the result of a backend update error.
“We are aware of an issue related to the incorrect display of information in the Control Center,” states the official statement. “This is a result of a backend update, and we are working on resolving the issue. We have no reason to believe that any unauthorized access to customer accounts actually occurred.”
However, as reported by Bleeping Computer, users do not believe Amazon’s official explanations. People are writing that they have seen unknown devices, strange IP addresses, and countries they have never visited in the lists of authorized client devices. Therefore, these entries could not relate to previous system logins.
“Your ‘bug’ is absolute nonsense, and I don’t know any Derbhile, are they somehow connected to our Ring camera or family? Just admit you got hacked and fix it,” writes one user, attaching a screenshot to their message on X that shows a login from a device named “derbhile’s iPhone”.
“It’s interesting that you call this a ‘bug’, although one of several logins to my account that day was made from Spain, and I live in Texas. So this doesn’t look like a bug or a login from ‘previous devices’ at all. I assure you, I’ve never been to Spain,” another user notes.
Suspicions that Amazon might be concealing information about some incident are intensifying due to the fact that the backend update issue should have been resolved promptly. However, even several days later, people continued to receive alerts about logins from unknown devices.
Worse yet, some users report witnessing strange activity in real time when none of their family members have accessed the app. Others complain that they received no security notifications or two-factor authentication requests when adding new devices.
Journalists from Bleeping Computer reached out to Amazon representatives for comment, inquiring why Ring users are seeing devices in their accounts that they have definitely never owned and countries they have never visited.
However, Amazon did not provide the publication with any new information. The company reiterated that the IP addresses and devices users see on the Authorized Client Devices page have previously been used to log into the Ring account. Amazon noted that among these records, there may be devices that people no longer own, as well as devices of users with whom Ring account owners once shared their credentials.

2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024
According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →