Wyze camera breach let 13k customers view other people’s homes

Share via:


A Wyze camera breach allowed some 13,000 customers view footage from other people’s homes. The company had originally said that the serious privacy and security breach had only happened for 14 people.

Wyze says that most of these customers only saw a thumbnail, but that more than 1,500 users saw either a full-size still or a video recording of an event …

Wyze camera breach

Wyze said that an Amazon Web Services (AWS), whose servers the company uses for remote access to cameras, suffered an outage. That was annoying, with no remote camera access for several hours, but not a huge deal.

However, as The Verge reports, the problem came once the outage was over and cameras started coming back online.

Customers were reporting seeing mysterious images and video footage in their own Events tab. Wyze disabled access to the tab and launched its own investigation.

As it did before, Wyze is chalking up the incident to “a third-party caching client library” that was recently integrated into its system.

“This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”

But it was too late to prevent an estimated 13,000 people from getting an unauthorized peek at thumbnails from a stranger’s homes. Wyze says that 1,504 people tapped to enlarge the thumbnail, and that a few of them caught a video that they were able to view.

The company says that all affected users have been notified, and that it has now added “a new layer of verification” to ensure it can’t happen again.

Reddit users were not impressed by the company’s explanation.

“Increased demand doesn’t cause code or databases to randomly confuse one value for another. Increased demand slows request processing time, it doesn’t fundamentally change a coded process. This is f*cky at best.”

“It’s hand-wavy bullsh*t. Wyze products are dirt cheap and you get what you pay for.”

“Why are they always blaming third party ? We don’t buy cameras from or pay subs to third parties. It’s Wyzes’s problem, admit it and get it over with.”

Not the first time

It’s not the first time something like this has happened. Back in 2022, a security flaw allowed hackers to view stored video, and it reportedly went unfixed for three years even after the company was alerted to it.

In 2019, some 2.4M Wyze camera users had a large amount of personal data leaked in a separate security flaw.

9to5Mac’s Take

As we recently said, whether the issue is security flaws or price-gouging on server access, the lesson for security cameras seems clear: Stick to cameras which support Apple’s HomeKit Secure Video.

This is not only completely secure, but also value for money. Although you need an iCloud subscription to use it, the cloud storage doesn’t count against your allowance.

Photo: 9to5Toys

FTC: We use income earning auto affiliate links. More.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Wyze camera breach let 13k customers view other people’s homes


A Wyze camera breach allowed some 13,000 customers view footage from other people’s homes. The company had originally said that the serious privacy and security breach had only happened for 14 people.

Wyze says that most of these customers only saw a thumbnail, but that more than 1,500 users saw either a full-size still or a video recording of an event …

Wyze camera breach

Wyze said that an Amazon Web Services (AWS), whose servers the company uses for remote access to cameras, suffered an outage. That was annoying, with no remote camera access for several hours, but not a huge deal.

However, as The Verge reports, the problem came once the outage was over and cameras started coming back online.

Customers were reporting seeing mysterious images and video footage in their own Events tab. Wyze disabled access to the tab and launched its own investigation.

As it did before, Wyze is chalking up the incident to “a third-party caching client library” that was recently integrated into its system.

“This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”

But it was too late to prevent an estimated 13,000 people from getting an unauthorized peek at thumbnails from a stranger’s homes. Wyze says that 1,504 people tapped to enlarge the thumbnail, and that a few of them caught a video that they were able to view.

The company says that all affected users have been notified, and that it has now added “a new layer of verification” to ensure it can’t happen again.

Reddit users were not impressed by the company’s explanation.

“Increased demand doesn’t cause code or databases to randomly confuse one value for another. Increased demand slows request processing time, it doesn’t fundamentally change a coded process. This is f*cky at best.”

“It’s hand-wavy bullsh*t. Wyze products are dirt cheap and you get what you pay for.”

“Why are they always blaming third party ? We don’t buy cameras from or pay subs to third parties. It’s Wyzes’s problem, admit it and get it over with.”

Not the first time

It’s not the first time something like this has happened. Back in 2022, a security flaw allowed hackers to view stored video, and it reportedly went unfixed for three years even after the company was alerted to it.

In 2019, some 2.4M Wyze camera users had a large amount of personal data leaked in a separate security flaw.

9to5Mac’s Take

As we recently said, whether the issue is security flaws or price-gouging on server access, the lesson for security cameras seems clear: Stick to cameras which support Apple’s HomeKit Secure Video.

This is not only completely secure, but also value for money. Although you need an iCloud subscription to use it, the cloud storage doesn’t count against your allowance.

Photo: 9to5Toys

FTC: We use income earning auto affiliate links. More.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

DPIIT Partners boAt To Foster D2C, Manufacturing Startups

SUMMARY DPIIT has signed a pact with boAt to...

Top 5 Bitcoin critics unfazed by $100K BTC milestone

Even with Bitcoin surging past $100,000 for the...

Apple’s new ‘HomePad’ will offer three reasons to put...

Apple is planning a big smart home push...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!