Users of Ring are observing multiple notifications about account logins from unauthorized devices, dated May 28, 2025. Ring developers claim that this is due to an error during a backend update.
Many Ring users received notifications indicating that on May 28, 2025, there were logins to their accounts from unusual devices located around the world. Naturally, this led people to assume that their accounts had been compromised.
Last week, Ring representatives stated that they are aware of “a bug that caused previous login dates to incorrectly appear as May 28, 2025.” The company also updated the Ring status page, indicating that reports of unauthorized logins were the result of a backend update error.
“We are aware of an issue related to the incorrect display of information in the Control Center,” states the official statement. “This is a result of a backend update, and we are working on resolving the issue. We have no reason to believe that any unauthorized access to customer accounts actually occurred.”
However, as reported by Bleeping Computer, users do not believe Amazon’s official explanations. People are writing that they have seen unknown devices, strange IP addresses, and countries they have never visited in the lists of authorized client devices. Therefore, these entries could not relate to previous system logins.
“Your ‘bug’ is absolute nonsense, and I don’t know any Derbhile, are they somehow connected to our Ring camera or family? Just admit you got hacked and fix it,” writes one user, attaching a screenshot to their message on X that shows a login from a device named “derbhile’s iPhone”.
“It’s interesting that you call this a ‘bug’, although one of several logins to my account that day was made from Spain, and I live in Texas. So this doesn’t look like a bug or a login from ‘previous devices’ at all. I assure you, I’ve never been to Spain,” another user notes.
Suspicions that Amazon might be concealing information about some incident are intensifying due to the fact that the backend update issue should have been resolved promptly. However, even several days later, people continued to receive alerts about logins from unknown devices.
Worse yet, some users report witnessing strange activity in real time when none of their family members have accessed the app. Others complain that they received no security notifications or two-factor authentication requests when adding new devices.
Journalists from Bleeping Computer reached out to Amazon representatives for comment, inquiring why Ring users are seeing devices in their accounts that they have definitely never owned and countries they have never visited.
However, Amazon did not provide the publication with any new information. The company reiterated that the IP addresses and devices users see on the Authorized Client Devices page have previously been used to log into the Ring account. Amazon noted that among these records, there may be devices that people no longer own, as well as devices of users with whom Ring account owners once shared their credentials.
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.04.16 — Android devices will restart every three days to protect user data
Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →