Wyze Has a Security Breach (Again)
When you put a camera in your home, the chances of someone on the Internet seeing you in your underwear are non-zero. Case in point: Earlier this week, Wyze alerted customers that there had been a security breach that allowed external parties to see real-time images from other users’ Wyze cameras over a period of time.
About 13,000 Wyze customers temporarily had access to other Wyze cameras that did not belong to them. According to Wyze, this is less than 2.5% of their user base. Some of those 13,000 users received thumbnails from other people’s cameras, and about 1,500 people clicked on those thumbnails to enlarge the thumbnail or view the live video or clip.
An issue occurred at an AWS partner on Friday, February 16, 2024, causing Wyze services to be down for several hours. When the devices came back online, they overloaded the system, causing confusion between user IDs and device IDs. Wyze logged out and deleted the tokens of every Wyze user who logged in on Friday, the day the illegal activity occurred.
This is the second time such an event has occurred in six months. In September 2023, a similarly small group of Wyze customers (about 2,500) reported seeing images or accessing feeds from other people’s cameras due to a web caching issue.
Unfortunately, these aren’t the only problems: a few years ago, a security firm publicly reported Wyze’s vulnerabilities, and Wyze settled a lawsuit over the issue.
In an email sent to customers (which I received while I was testing two Wyze cameras), the company sympathized with customers’ frustrations and briefly explained how they would try to hedge against this in the future by adding checks on these displayed relationships. . However, this is a temporary measure until they can implement new client libraries that are better prepared for events like Friday’s.
Wyze, as a brand, definitely falls into the “more affordable” segment of security cameras, but breaches like this aren’t unique—we’ve seen them at larger companies too. While we shouldn’t have to sacrifice the ability to watch our pets frolic around the living room while we’re out and about, with the possibility of other people also being able to peek into our homes, it has become a cost of doing business. However, this does not mean that everything is fine.
I have both of my Wyze cameras set up in my kitchen, so to those who may have seen me singing along to “Fame” while doing the dishes in my unicorn onesie last week: welcome.