The Amazon-owned company Ring, which makes home-security devices, has admitted firing four employees for accessing users’ videos.
It was revealed in a letter sent to US senators, in response to questions about the company’s security practices.
In each case, the employees were authorised to view videos but access “exceeded what was necessary for their job functions”.
Ring faces questions about the security and privacy of its devices.
In November, five Democratic senators sent a letter to Amazon chief executive Jeff Bezos with a range of questions about security, including why employees in Ring’s Ukrainian office, where it conducts research and development, had access to customer video data.
In a detailed response, Amazon said the team based there could watch only publicly available videos and videos from employees, contractors and their friends who had consented to be part of the programme.
In addition, a “very limited number of employees (currently three) have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS [Amazon web services] infrastructure”.
It had received four complaints over the course of four years about employees watching customers’ videos, Amazon said, had investigated each one and terminated their contracts.
“Although each of the individuals involved was authorised to view video data, the attempted access to that data exceeded what was necessary for their job functions,” it said.
Amazon did not reveal any more details about who complained, who the individuals were or where they were based but said it was always working to limit the number of people with access to video feeds.
During the past year, there has been a stream of headlines about the security of its home devices, which include indoor and outdoor cameras and smart doorbells.
Legal action filed by Alabama resident John Orange in December alleges a stranger compromised his outdoor camera and scared his children.
Earlier that month, it was reported a hacker had talked to a young girl in her bedroom via her family’s Ring camera.
And a Florida family were similarly targeted, this time with a hacker shouting racial abuse through the device.
Ring has also faced questions about its partnerships with police forces, with campaign groups saying this undermines civil liberties.
In its response to senators, Ring said it would require new users signing up to its service to activate two-factor authentication.
It has also created a privacy dashboard on the app that allows customers to manage their devices and who has access to them.
But the move does not satisfy campaign group Fight for the Future.
“Amazon is selling cheap, insecure, internet-connected surveillance cameras and convincing people to put them inside their homes, knowing that they put those people in danger,” it said.
Senator Ron Wyden, one of the signees to the original letter, said the changes were a “move in the right direction” but added: “There are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers.”
Amazon bought Ring in February 2018 for more than $1bn.
At technology exhibition CES, in Las Vegas, this week, it showed off new products for the coming year, including smart light bulbs and a controller that would allow homeowners to remotely open gates for deliveries.