Neptune Navigate Blog

Tips for online safety, security, and responsible digital citizenship for parents, kids, and families.

Credential Stuffing and Smart Home Monitors: What You Need To Know

October 15, 2020

By monitoring our homes from our phones with  products like Ring or Nest,  we can now feel more protected and secure.  We are able to be aware, in real-time, of any activity that takes place near our front door and watch for any malicious deed that might occur.  And all of that security and protection is wonderful…provided it is set up correctly from the very beginning.  

Back in  December of 2019, Ring urged its users to change their passwords and use two-factor authentication.   Unfortunately, some people discovered the importance of having secure passwords when they fell victim to a practice known as “credential stuffing.”  This occurs when hackers take usernames and passwords from data breaches elsewhere and attempt to break into other accounts…which is exactly what happened to roughly 3,000 Ring users. The information stolen came with other account information, such as the name of cameras and users’ timezones. 

But for all you Nest users, don’t get too comfortable.  The previous January, the same thing happened to Nest through the same practice.   Because so many of us use the same passwords and usernames for multiple accounts, we make it easy for these online hackers to have access to our personal information. 

And I am one of the worst.  With numerous accounts, it’s virtually impossible to remember a different password and username for each one.  So, like so many others, I use the same ones over and over to save myself the headache of forgetting my login information and locking myself out of my accounts.

This is a mistake we have to correct.  We have to find a way to manage multiple accounts with different usernames and passwords.  Perhaps it’s as $imple as changing one letter to a $ymbol.  Maybe it’s using childhood nicknames.  Whatever the case may be, we need to make the job of these hackers a bit more challenging.   Katie McInnis, policy counsel for privacy and technology at CR Advocacy says, “Connected devices are only as strong as the security practices companies use to protect them.  Consumers may be making their privacy and their homes vulnerable by using insecure products.” 

I don’t know about you, but I’m not ready to ditch the safety products I’ve already spent good money on to secure my home.  Instead, I think I’ll try changing out some of those usernames and passwords.  I just hope I can remember them.