The Federal Trade Commission charged home security camera company Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.

Under a proposed order, which must be approved by a federal court before it can go into effect, Ring will be required to delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

California-based Ring LLC, which was purchased by Amazon in February 2018, sells internet-connected, video-enabled home security cameras, doorbells, and related accessories and services. The company has marketed its products as offering greater home security and providing its users with peace of mind. For example, in promoting its indoor security cameras, which can be placed in individual rooms, Ring touts the ability of purchasers to “See your home. Away from home” alongside a picture of a Ring camera monitoring a child’s bedroom.

In a complaint, the FTC says Ring deceived its customers by failing to restrict employees’ and contractors’ access to its customers’ videos, using customer videos to train algorithms, am