In one of the more bizarre hacking cases of recent times, Ring cameras are being targeted by hackers not for profit but for sharing via a video livestream.

In an exploit detailed today by Motherboard, Ring camera owners in multiple states have been targeted with the livestream and subsequent harassment of owners shared via NulledCast on the digital distribution platform Discord. The livestream is linked to a forum called Nulled where tools for accessing Ring cameras are sold and traded.

“Sit back and relax to over 45 minutes of entertainment,” an advertisement for the podcast reads. “Join us as we go on completely random tangents such as; Ring & Nest Trolling, telling shelter owners we killed a kitten, Nulled drama and more ridiculous topics. Be sure to join our Discord to watch the shows live.”

Some of the cases include those behind the livestream targeting an eight-year-old girl in Memphis, Tennessee, and in another case taunting a family in Florida with racial slurs. Although those behind it are doing it for the “lulz,” in one case in Grand Prairie, Texas, a demand for 50 bitcoin ($359,750) was made, though likely not seriously.

The software used to break into the Ring cameras is said to use previously compromised email addresses and passwords to break into Ring cameras at large scale.

Given that the attacks have all involved reused passwords, Ring responded to the report by noting that its services have not been compromised and that owners should use unique passwords.

“Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts,” Ring said in a blog post. “Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication.”

The case highlights again the dangers of reusing passwords across multiple accounts, particularly in an age where password managers are plentiful and often free to use.

A study from Microsoft Corp. last week found 44 million Microsoft and Azure cloud account holders were using passwords that were stolen in data breaches. In that case, Microsoft forced a reset of passwords on the compromised accounts.

Whether that’s practical for a company such as Ring to do is not clear. But as more hacking cases involve previously stolen credentials, progressive action such as that taken by Microsoft is going to become more common.

Image: Ring