Would you say that a thousand houses "leaked their owner's data" (presence information) if someone went by ten thousand specific homes and rang their doorbells to test if someone is home based on information they got from a third party?
I would say there is a substantial difference between compiling a list of valid Ring credentials by trial and error based on data you already have from another party ("credential stuffing") and Ring disclosing the credentials either on purpose or through a hack ("leaking data" / "data breach").
Note that another comment calls into question whether this really was credential stuffing, but that's not what I mean to comment on.
>Would you say that a thousand houses "leaked their owner's data" (presence information) if someone went by ten thousand specific homes and rang their doorbells to test if someone is home based on information they got from a third party?
That's not what's the headline says, and that's not what TFA says. Someone "leaked" a list of valid credentials to Ring accounts. A better analogy would be if someone collected ten thousand keys they found around the city, tried them on every lock they came across, and then created a map showing which keys worked on which locks. And provided an infinitely-copyable keyring to go along with the map.
Ring says they're not responsible for the data being out there, and that's probably true. But the data is out there, and that's a problem for the people on the list.
I would say there is a substantial difference between compiling a list of valid Ring credentials by trial and error based on data you already have from another party ("credential stuffing") and Ring disclosing the credentials either on purpose or through a hack ("leaking data" / "data breach").
Note that another comment calls into question whether this really was credential stuffing, but that's not what I mean to comment on.