The privacy breach, as per Wyze, occurred when it was restoring cameras, causing customers to see mysterious images/video footage in their Events tab.
On Friday, Wyze cameras reportedly allowed a whopping 13,000 customers to access unauthorized images and video from cameras installed in other homes. Reports began surfacing among Wyze Discord users as early as 4 AM ET, spreading rapidly by 6 AM ET. By 1 PM ET, some Wyze owners reported their devices were back online.
The privacy breach, as per Wyze, occurred when it was restoring cameras, causing customers to see mysterious images/video footage in their Events tab. The company disabled access to this tab and initiated an investigation.
According to co-founder David Crosby, the issue initially impacted 14 customers and escalated to 13,000 customers. Wyze blamed the outage on a technical glitch due to an Amazon Web Service partner issue but has not provided details. The company sent an email titled “An Important Security Message from Wyze” to customers to apologize and share details.
“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused,” Wyze’s email read.
Wyze claims the incident involved a third-party caching client library, which was impacted by high load conditions and devices’ simultaneous online activity. The library mixed up device ID and user ID mapping, connecting data to incorrect accounts. Wyze blocked the Events tab and added a verification layer for the app’s Event Video section. Despite that Wyze noted that 99.75 percent of accounts remained unaffected, however, users have reported seeing thumbnails and Event Videos from other cameras.
It is worth noting that this is the second incident involving Wyze customers seeing feeds from un-owned cameras through its online viewer. In September, 2,300 people were able to see 10 strangers’ feeds for 40 minutes.
Wyze blamed a “web caching issue” for the issue and implemented technical measures to prevent recurrence. Bitdefender also disclosed security vulnerabilities with Wyze cameras in 2022, which allowed hackers to access feeds from un-owned cameras and strangers’ SD cards.
However, Wyze isn’t the only company experiencing data leaks or breaches. Security cameras frequently become targets of hacking and are prone to vulnerabilities leading to private data exposure. In September 2023, a Vietnam-based group was discovered selling private footage from hacked cameras, advertised as “dark corners” and “hot scenes.” The breach was attributed to poor password hygiene.
To protect your security camera, ensure regularly updating firmware, using strong and unique passwords, securing your home network with Wi-Fi passwords and WPA3 encryption, and avoiding using a device with default credentials.
RELATED ARTICLES
- ThroughTek Flaw Exposed Millions of IoT Cameras to Spying
- Whitehat hacker shows how to detect hidden cameras in hotels
- 3TB of clips from exposed home security cameras posted online
- This creepy site shows live footage from 73K Private Security Cameras
- Israeli Rabbi arrested for hacking CCTV cam at women’ bathing suit shop