Wyze smart camera data breach: What happened and how it affects you

Wyze smart camera Information breach: What Occurred and how it Impacts you


Wyze Labs, a manufacturer of smart cameras along with other smart home devices, has verified that information belonging to numerous customers has already been subjected. Here’s what occurred and how it influences you.

What occurred?

An unsecured server vulnerable Wyze customers’ private information for more than three weeks. Cybersecurity company Twelve Security found the leak and published its findings on 26 December. Wyze co-founder Dongsheng Song afterward affirmed the leak in a forum post on 27 December.

He explained the server as a “flexible database” and stated an “employee error” induced its safety protocols to be eliminated on 4 December. As an outcome, consumer information in the database has been left available to people for three months – or before 26 December, if Wyze was informed of this matter.

It’s worth noting Twelve Security stated that there are “clear indications” that customersinformation was being sent into the Alibaba Cloud in China, though Song has coined this stage, promising Wyze does not use Alibaba Cloud, and it does not share user information with any government agencies.

How to inform if you’re influenced

The information of about 2.4 million Wyze customers was endangered, based on Twelve Security. There is not any instrument you can use to find out if your personal data was on the vulnerable host or unprotected database, however Wyze said it intends to send an email to all impacted customers.

What kind of advice was subjected?

Wyze’s vulnerable host comprised the following Kinds of personal data belonging to customers, based on Twelve Security:

  • Usernames
  • Email addresses
  • Camera nicknames
  • Device versions
  • Firmware data and Wi-Fi SSID information
  • API tokens for iOS and Android
  • Alexa tokens from consumers that joined Amazon’s voice helper with their cameras.
  • Health data (such as height, weight, bone density, and daily protein consumption ).

Wyze stated its database on the vulnerable server did not consist of passwords. But it did affirm private health information was on the host because of a beta test of a new clever scale.

What is Wyze performing today?

Wyze was conducting an audit of its databases and servers, and it has already discovered another database that was unprotected. According into Song, Wyze is starting to review “all aspects” of its safety guidelines now that numerous databases are discovered vulnerable. It also logged all users from the account and unlinked third party integrations because of the endangered API and Alexa tokens.

“We’ve often heard people say, ‘You pay for what you get,’ assuming Wyze products are less secure because they are less expensive. This is not true,” Song added. “We’ve always taken security very seriously, and we’re devastated that we let our users down like this.”

Is there anything you need to do?

If you’re influenced with this Wyze information breach, you’re now prone to being targeted online by malicious celebrities.

Short of deleting your Wyze accounts and ditching Wyze goods, be extra cautious about phishing attacks today your username and email have been subjected. Many hackers use these kinds of leaked databases to rapidly get ahold of a mass pool of possible victims and to boost their phishing efforts. So, be more careful when it comes to some junk email, unsolicited asks, arbitrary invites to click links, etc. 

Henry Mitchell

Add comment

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed