Users of Ring are observing multiple notifications about account logins from unauthorized devices, dated May 28, 2025. Ring developers claim that this is due to an error during a backend update.
Many Ring users received notifications indicating that on May 28, 2025, there were logins to their accounts from unusual devices located around the world. Naturally, this led people to assume that their accounts had been compromised.
Last week, Ring representatives stated that they are aware of “a bug that caused previous login dates to incorrectly appear as May 28, 2025.” The company also updated the Ring status page, indicating that reports of unauthorized logins were the result of a backend update error.
“We are aware of an issue related to the incorrect display of information in the Control Center,” states the official statement. “This is a result of a backend update, and we are working on resolving the issue. We have no reason to believe that any unauthorized access to customer accounts actually occurred.”
However, as reported by Bleeping Computer, users do not believe Amazon’s official explanations. People are writing that they have seen unknown devices, strange IP addresses, and countries they have never visited in the lists of authorized client devices. Therefore, these entries could not relate to previous system logins.
“Your ‘bug’ is absolute nonsense, and I don’t know any Derbhile, are they somehow connected to our Ring camera or family? Just admit you got hacked and fix it,” writes one user, attaching a screenshot to their message on X that shows a login from a device named “derbhile’s iPhone”.
“It’s interesting that you call this a ‘bug’, although one of several logins to my account that day was made from Spain, and I live in Texas. So this doesn’t look like a bug or a login from ‘previous devices’ at all. I assure you, I’ve never been to Spain,” another user notes.
Suspicions that Amazon might be concealing information about some incident are intensifying due to the fact that the backend update issue should have been resolved promptly. However, even several days later, people continued to receive alerts about logins from unknown devices.
Worse yet, some users report witnessing strange activity in real time when none of their family members have accessed the app. Others complain that they received no security notifications or two-factor authentication requests when adding new devices.
Journalists from Bleeping Computer reached out to Amazon representatives for comment, inquiring why Ring users are seeing devices in their accounts that they have definitely never owned and countries they have never visited.
However, Amazon did not provide the publication with any new information. The company reiterated that the IP addresses and devices users see on the Authorized Client Devices page have previously been used to log into the Ring account. Amazon noted that among these records, there may be devices that people no longer own, as well as devices of users with whom Ring account owners once shared their credentials.
2025.01.23 — Fake Telegram CAPTCHA forces users to run malicious PowerShell scripts
Hackers used the news of Ross Ulbricht pardoning to lure users to a rogue Telegram channel where they are tricked into running malicious PowerShell code. This…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.02.09 — Abandoned AWS S3 buckets could be used in attacks targeting supply chains
watchTowr discovered plenty of abandoned Amazon S3 buckets that could be used by attackers to deliver malware and backdoors to government agencies and large corporations. The researchers discovered…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →