One of the hackers allegedly used a camera that was set up in a little girl's bedroom to yell racial slurs at her
Two couples who both allege their Ring cameras were hacked have filed suit against the company, claiming the invasion of privacy was “terrifying” and has caused emotional distress and anxiety.
The lawsuit was filed in the U.S. District Court for the Central District of California on Jan. 3 by Ashley LeMay and husband Dylan Blakeley of Mississippi, and Todd Craig and girlfriend Tania Amador of Texas, who both say their Ring cameras were compromised in December by anonymous hackers who taunted them in their own homes.
The Blakeley family bought two Ring cameras in November, and set them up at home so that LeMay would be able to check on their daughters during her overnight shift at a hospital, the suit, which was obtained by PEOPLE, claims.
But on the night of Dec. 4, both cameras — one of which was located in their daughters’ bedroom — allegedly began live-streaming and playing a song that appeared in the horror film Insidious.
The couple’s 8-year-old daughter went into her bedroom to investigate the sound, and was soon hit with racial slurs from an anonymous man’s voice, who also told her he was Santa Claus and encouraged her to misbehave, the suit claims and video shows.
The “frightened” girl left the room and her father disabled the device, though LeMay told PEOPLE in December her daughter “was in shock” and “really confused” by the incident.
“It was… from a horror film, and I just thought this couldn’t be real,” she told Today. “There’s no way this is real right now.”
In the time since, LeMay says she has had to take a leave of absence from work because of the “emotional distress this incident caused her,” according to the suit, and remains spooked knowing that the hacker — whom Ring has allegedly not identified to the family — knows their address and that four young girls live there.
“It was the most terrifying experience in my life,” she told Today.
Meanwhile, Craig and Amador claim a similar incident occurred just five days later, saying they were in their home when a voice from their camera began laughing and shouting, “Ring support! Ring support!”
The hacker also said, “Pay this 50 bitcoin ransom or you will get terminated yourself!” according to the suit.
The couple has also not been told their hacker’s identity, and in the months since have suffered emotional distress, including “fear and anxiety” that someone is constantly spying on them, the suit claims.
The lawsuit argues that while the company promises to “bring protection inside,” it does the opposite by purposely ignoring safety precautions such as two-factor authentication, despite knowing that its devices are vulnerable to hacking.
The suit cites the fact that Ring doesn’t double-check whether someone is logging in from an unknown IP address, and that it allows users to try as many passwords as possible without locking them out.
“Even as its customers are repeatedly hacked, spied on, and harassed by unauthorized third parties, Ring has made the non-credible assertions that it has not suffered any data breaches and that there are no problems with the privacy and security of its devices,” the suit says.
Ring — which was acquired by Amazon in 2018 — told PEOPLE on Friday that it does not comment on legal matters. However, a spokesperson for the company said in a statement that Ring does not have any evidence that the issue related to a breach of compromise of Ring’s system or network.
“It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists so that other bad actors can attempt to gain access to other services,” the spokesperson said.
“We’ve emailed customers whose accounts we have identified as exposed and have reset their passwords. In addition, we are continuing to monitor for and block potentially unauthorized login attempts. We’ve also contacted all Ring customers, encouraging them to enable two-factor authentication, change their passwords, and follow these important best practices for keeping their accounts secure.”
The statement continued: “We know that customers are understandably concerned about privacy and data security. In the year ahead, we are committed to putting control and privacy front and center, while providing the best possible experience for users.”
The parties are suing for negligence, breach of implied contract, unjust enrichment and invasion of privacy, among other allegations.
In a statement to PEOPLE, the plaintiff’s attorney, Hassan Zavareei, claimed that “Ring has been trying to blame consumers instead of taking responsibility for its own sloppy security practices.”
“Ring says its customers should have used better security measures, like dual-factor authentication,” Zavareei continued in his statement. “The truth is that Ring never asked its customers to use dual-factor authentication. Ring also allows hackers (and hacker software) to try as many passwords as they want without ever locking them out, meaning that Ring’s system can be hacked by a basic computer program that enters as many codes as possible until one works. And these are only two examples of Ring’s apathetic approach to protecting its customers’ privacy. These breaches were Ring’s fault, not our clients’.”