How to Protect Your Wyze Account After a Recent Data Breach

A recent security breach has leaked more than 2.4 million users of Wyze CCTV cameras. The compromised database has remained unsecured and publicly available, and it appears that the information was collected and stored by cloud computing company Alibaba in China.

According to a breach report by data security consultancy Twelve Security , user data left in the public domain includes:

  • The username and email address of those who purchased the cameras and then connected them to their home.
  • The email of any user they’ve ever shared camera access with, such as a family member
  • List of all cameras in the house, names for each camera, device model and firmware
  • Wi-Fi SSID, internal subnet structure, last power-on time for cameras, last logon time from app, last logout time from app
  • API tokens for accessing a user account from any iOS or Android device.
  • Alexa Tokens for 24,000 Users Connecting Alexa Devices to Their Wyze Camera
  • Height, weight, gender, bone density, bone mass, daily protein intake and other health information for a subset of users.

Only one of these bullet points will be enough for concern, but the amount of compromised user data is Staggering if true. (In his answer, Wyze disputed some of the claims.)

If you are using any of the Wyze products, you need to immediately change your password and update your security settings so that no one can hack your account using the leaked information. (You can also manually log out and log back in to your account and make sure you disable and re-enable all connected services, if applicable.)

You can follow this link to change your password through the Wyze app or website . Next, you should strengthen the security of your Wyze account by enabling two-factor authentication, if you haven’t already. Here’s how:

  1. Go to the Account tab in the Wyze app.
  2. Tap your email address.
  3. Scroll down to the Security section and enable Two-Factor Authentication.
  4. Add your phone number and click “Verify Phone Number”.
  5. You will receive a text with a confirmation code. Enter the code in the confirmation field, then click Next to complete the process. Now you will receive a verification code in plain text every time you log in. You can also add a backup phone number in case you lose access to another device for any reason.

While a new password and two-factor authentication will help keep your account safe, we must point out that this method – sending a confirmation number in text – is not as good as true two-factor authentication , and may not help in some cases. generally.

More…

Leave a Reply