Ring security products are facing criticism after multiple reports that the brand’s in-home security cameras have been hacked, including an incident where an 8-year-old Mississippi girl heard voices coming from the device in her bedroom.

In the security footage, a man’s voice is heard, telling the little girl that he’s “Santa Claus,” and her “best friend.” He also encourages the child to mess up her room and break her TV.

“They could have watched them sleeping, changing. I mean they could have seen all kinds of things,” the girl’s mother, Ashley LeMay, told WMC Action News. “It makes me feel like it’s either somebody who knows us or somebody who is very close by.”

Other incidents have been reported in Florida, Texas and Georgia. In Cape Coral, Fla., for example, a hacker gained access into a couple’s Ring camera and made racist comments about their son.

In a statement sent to TIME, Ring said that they take their devices’ security very seriously, but that the incidents are not related to a breach of security protocols.

“We have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the statement reads.

The statement adds that Ring is aware of an incident where “malicious actors” were able to obtain a user’s login credentials from an outside, non-Ring device and use that same information to log into the Ring device. “Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted,” Ring says.

Craig Shue, an associate professor of computer science at Worcester Polytechnic Institute, agrees that the hackers are likely getting Rings users’ account information from third parties (like the details used for an email account or streaming service). Using specialized software, they are then able to recycle those passwords and usernames across multiple devices, including Rings, looking for instances where the login data matches. Motherboard has reported of forums and Discord servers whose users collaborate on such hacking projects.

Shue recommends that users create strong passwords, ensure each is unique across their different accounts and devices, and change them regularly. He also recommends enabling two-step authentication on devices where possible; this adds another step to the authorization process by sending a security code to a registered email or phone number when someone tries to log into an account.

Ring also recommends customers change their passwords and enable two-factor authentication. LeMay told WMC that she did not set up the two-factor authentication for her Ring account. She has since disabled the device and plans on returning it.

Shue says that both Ring and its products’ users bear responsibility for their security. “Manufacturers have the responsibility to clean out devices that can be secured and patch any vulnerabilities that come up,” he tells TIME. “Consumers also have to look out for their own self-interest. It hurts us if it doesn’t go well… we have to always be vigilant.”

“I would also encourage everybody to do their own form of risk assessment and determine what they need in these devices and whether it’s worth the risk to have that functionality,” Shue continues. “It’s kind of crazy that we use passwords as a line of defense for a sensitive device.”

The Leadership Brief. Conversations with the most influential leaders in business and tech. Please enter a valid email address. Sign Up Now Check the box if you do not wish to receive promotional offers via email from TIME. You can unsubscribe at any time. By signing up you are agreeing to our Terms of Use and Privacy Policy . This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Thank you! For your security, we've sent a confirmation email to the address you entered. Click the link to confirm your subscription and begin receiving our newsletters. If you don't get the confirmation within 10 minutes, please check your spam folder.

Write to Josiah Bates at josiah.bates@time.com.