The US Federal Trade Commission filed a lawsuit against D-Link on Thursday, arguing that the company failed to take steps to ensure that the routers and internet-linked security cameras that it manufactures could not be hacked.
The FTC alleged that D-Link advertised their devices as secure, but then failed to address security flaws such as security gaps that allow hackers to take over consumers' devices remotely.
In a complaint filed in San Francisco Federal Court and published by Ars Technica, the FTC said: "Defendant D-Link has failed to take reasonable steps to maintain the confidentiality of the private key that defendant D-Link used to sign defendants’ software, including by failing to adequately restrict, monitor, and oversee handling of the key, resulting in the exposure of the private key on a public website for approximately six months.
"Defendants have failed to use free software, available since at least 2008, to secure users’ mobile app login credentials, and instead have stored those credentials in clear, readable text on a user’s mobile device."
Attempts to reach D-Link for comment were not immediately successful.
The FTC asked the U.S. District Court for the Northern District of California to order D-Link to improve its security practices and to pay the FTC's costs related to the suit.
The FTC has taken up the role of investigating companies which are allegedly sloppy in their handling of customers' data under rules it enforces against unfair or deceptive acts. Most recently it settled with dating website Ashley Madison for its lax data security.
FTC commissioners voted 2-1 to approve the filing of the lawsuit. The Democratic chairwoman Edith Ramirez and commissioner Terrell McSweeny voted yes, but the lone Republican commissioner, Maureen Ohlhausen, opposed the filing of the lawsuit.
Reporting by Diane Bartz. Editing by G Crosse