On May 28, 2025, according to posts on social media sites like TikTok, Instagram, Reddit and Facebook, someone hacked into millions of doorbells and home security devices created by the company Ring — now owned by Amazon — an act that would seemingly grant access to millions of small cameras around the nation inside and around people's homes.
As supposed proof, users shared screenshots showing the login history of their Ring accounts, which featured frequent logins from various devices, all from May 28, 2025. As the posts spread on social media, it became clear that this was not just a unique phenomenon — many commented that they too had unknown logins from the same date.
But despite the social media posts, two questions were left unanswered: Was the login data legitimate, and if so, did it indicate that millions of customers had been hacked on that date? According to Ring, the login data was the result of a glitch, not a hack.
Ring's devices allow customers to view video feeds from their phone or laptop. In order to make this work, the Ring devices, like its smart doorbell, must be connected to WiFi and registered to an account.
Given the privacy concerns around placing cameras inside and around homes, Ring accounts track and control which devices are able to log in to an account, which its app calls "authorized devices." A list of these devices is visible in the Ring app's "control center" tab. This tab is where users found the unknown authorized devices. Several viral videos showed how to delete these unknown devices from the authorization list and publicly shamed Ring for not disclosing the supposed hack.
According to the Federal Trade Commission (FTC), all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands have laws requiring companies to disclose a data breach to their customers, and some states set deadlines on how quickly a consumer must be informed. For instance, Washington, home of Ring's parent company, Amazon, requires all companies to disclose a breach "no more than 30 days after discovery," in the "most expedient time possible without unreasonable delay."
Ring's response to the videos
As the videos spread, concerned customers began contacting Ring about the potential breach. On July 18, Ring posted a statement about the situation to its social media pages, including Facebook and X, and to its website. That statement claimed that the effects were not caused by a data breach at all. It read as follows:
We are aware of an issue where information is displaying inaccurately in Control Center. This is the result of a backend update, and we're working to resolve this. We have no reason to believe this is the result of unauthorized access to customer accounts.
In other words, according to Ring, an update to parts of the company's infrastructure that users don't directly interact with contained a bug that caused the control center panel to display unknown authorized devices, and the company was working on a fix for the issue.
The company's response appears to be consistent with the descriptions of the problem.
If Ring's systems truly had been hacked, it would have been a massive undertaking. While it's not impossible that the company would attempt to cover up a supposed hack, that cover-up ever being exposed would practically kill the company outright by tanking consumer trust — even the allegation of covering up a data breach rightfully angered many consumers concerned about data privacy.
In order to pull off a data breach, hackers would have needed to break Ring's multi-factor authentication (MFA), which has been required by the company for all logins since 2020. Beating the MFA would have meant tricking every individual user into giving up their two-step verification or already having extensive access to the central system. The first of these is highly unlikely (albeit not impossible), given the amount of time and effort it would require, and if the hackers aimed to beat the MFA through central access, why not just use that access to do everything?
Furthermore, if the hackers had central access to the system, it would be strange of them not to consider the customer's ability to view and remove authorized devices. With central access, why would the hackers even make unknown devices visible to customers? Leaving a trail of breadcrumbs like that lines up with one of three conclusions:
- Ring wasn't hacked.
- Ring was hacked, and the hackers forgot everything they knew about hiding their trail upon making it into the system and therefore could easily be caught by law enforcement.
- Ring was hacked and the hackers were so good at their jobs that everything reported so far has been a red herring and they're still in the system.
One of these three is more likely than the others.
But if it wasn't a hack, then it had to be some sort of bug, because the users were indeed reporting abnormal logins. An update to the Ring app would have been the simplest way to introduce a new bug or glitch to the system.
However, concerned customers didn't mention that their Ring apps had been recently updated. That suggests the problem could be the result of a legitimate data breach, which already has a lot of evidence going against it, or a bugged update to Ring's backend, an update that customers likely wouldn't have received notification about. Ring's statement matches the latter option.
Ring's technical support responses to angry customers on social media gave a few more things away. The bug resulted in prior login dates being logged as "May 28, 2025," lining up with what customers saw on their screens. It also reportedly replaced some device names with "device name not found."
One user on Reddit reported that the list of authorized devices on their control panel was backlogged for several years and consisted solely of the user's old and since-replaced devices, something Ring told other users. Another user speculated that the mishap was caused during a server update gone wrong, and data about old, authorized logins was unintentionally scrambled.
What can users do?
This is not the first time Ring has had supposed privacy issues. During U.S. President Joe Biden's term in office, the company settled an unrelated case with the FTC for $5.8 million over privacy and security concerns from 2017 to 2019, including allowing company employees and contractors to access customer's private video feeds and failing to implement standard cybersecurity measures to stop hackers.
Concerned users can review Ring's page on privacy and privacy policy and ensure the company's policies align with their own feelings about data security.
As for the May 28, 2025 logins, it's probably better safe than sorry — remove them from your account and change your password just in case.