A hacker managed to gain access into a security camera in an eight-year-old girl's room in the United States and used it to terrorise her, according to a report by CNN.
In footage obtained by CNN affiliate WMC, the girl identified as Alyssa can be seen standing in her room while a recording of the song Tiptoe Through The Tulips was heard playing through the security camera speaker. The song was featured as an eerie tune in the horror movie Insidious, released in 2010.
Alyssa later asked "Who is that?" and then a man's voice can be heard answering "I'm your best friend. I'm Santa Claus."
Then voice then added: "Don't you want to be my best friend?"
Alyssa's mother Ashley LeMay said that her daughter was terrified by the hacker communicating with her through the camera.https://twitter.com/Jessica_Holley/status/1204505193003573250
"I watched the video and I mean my heart just like... I didn't even get to the end where she is screaming 'Mommy, mommy' before I like ran inside," LeMay said, adding that the hacker also continued to harass Ashley by telling her to destroy the room.
LeMay said she purchased a Ring security camera as a way to help her keep an eye on Ashley while she works as a nurse on overnight shifts. The incident happened just four days after the camera was installed in Ashley's room.
According to the WMC report, LeMay has reportedly disconnected the camera and is planning to return it to the store. She expressed concerns that the hacker may have been watching her daughter throughout the time the camera was operating in the room.
"They could have watched them sleeping, changing. I mean they could have seen all kinds of things. Honestly, my gut makes me feel like it's either somebody who knows us or somebody who is very close by."
Ring has issued a statement to CNN saying they believe the hack was not the result of an online security breach at the company.
"Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring's security."
As LeMay told WMC that she did not set up two-factor authentication on her device, the hack could have been caused by other factors.
"Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services. As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords," Ring said in its statement.