by michaeloder 2383 days ago
Why is Ring allowing brute forcing? Individual cameras should be set to only allow logins at least a few seconds apart, increasing up to several minutes, and perhaps blocking IP addresses with excessive volume. If they're brute forcing Ring's servers, an application firewall would catch and block this.

The term for this type of attack is credential stuffing.

https://www.owasp.org/index.php/Credential_stuffing

This comment shouldn't be downvoted. This is the correct term.
I don't think that the above comment means brute-forcing in the "try a million different passwords in a short time period" sense; it's referring to finding a list of known password and email combinations and trying just those. I would expect that a few attempts wouldn't trip any brute-force alarms.
Especially if you use a few thousand proxies.
Not actually brute forcing individual Ring accounts. They are just using previously leaked combinations.
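
An added example, not part of the thread: a detection sketch showing why the per-account and per-IP throttles proposed at the top stay silent on the pattern the replies describe, while an aggregate signal (many distinct accounts failing in one time window) fires. The log tuple layout, the thresholds, and every address and username are constructed assumptions.

```python
from collections import Counter, defaultdict

TS, IP, USER, OK = range(4)  # field positions in an event tuple

def build_events():
    """Constructed sample log: (seconds, source_ip, username, success)."""
    # 300 leaked pairs, each tried once, spread over 100 proxy addresses.
    events = [(i * 0.2, f"198.51.100.{i % 100}", f"user{i}@example.com", i % 50 == 0)
              for i in range(300)]
    # One legitimate user who mistypes twice, then gets in.
    events += [(10.0, "203.0.113.7", "alice@example.com", False),
               (15.0, "203.0.113.7", "alice@example.com", False),
               (21.0, "203.0.113.7", "alice@example.com", True)]
    return events

def per_key_lockouts(events, key, max_failures=5):
    """Classic throttle: keys (account or IP) with >= max_failures failed logins."""
    failures = Counter(e[key] for e in events if not e[OK])
    return {k for k, n in failures.items() if n >= max_failures}

def stuffing_windows(events, window=60, min_users=50, min_fail_ratio=0.9):
    """Flag time buckets where many distinct accounts fail at a high overall rate."""
    buckets = defaultdict(lambda: {"total": 0, "failed": 0, "users": set()})
    for e in events:
        b = buckets[int(e[TS] // window) * window]
        b["total"] += 1
        if not e[OK]:
            b["failed"] += 1
            b["users"].add(e[USER])
    flagged = []
    for start, b in sorted(buckets.items()):
        ratio = b["failed"] / b["total"]
        if len(b["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged.append((start, len(b["users"]), round(ratio, 2)))
    return flagged

EVENTS = build_events()

if __name__ == "__main__":
    print("locked accounts:", per_key_lockouts(EVENTS, USER))
    print("blocked IPs:    ", per_key_lockouts(EVENTS, IP))
    print("flagged windows:", stuffing_windows(EVENTS))
```

Each account sees one attempt and each proxy three, so neither throttle reaches its threshold; the window is flagged only because failures are counted across accounts.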