Surveillance camera maker Wyze admits 23-day data breach

Affiliate commissions may be incurred for this site via the links on this page. Terms of Use.

Home cameras with internet access have become big business. Companies like Google’s Nest and Amazon’s Ring dominate the high-end market. However, there are also numerous smaller players like the price-conscious Wyze. This company attracted attention with its $ 20 surveillance camera and other super-affordable smart home products. However, Wyze is now admitting that it suffered a serious security breach in December.

Wyze security cameras don't have batteries, 4K resolution, or advanced AI like some devices on the market, but they're so cheap that you can keep an eye on your humble home for a relative amount. While a 1080p Wyze camera costs $ 20, the simple indoor Nest camera costs $ 200. However, Nest has Google's account security, which is among the safest you'll find. Wyze recently made a serious mistake when it left a repository of user data open for several weeks.

The saga started last week when consulting firm Twelve Security reported that it had found a copy of Wyze's online database. Wyze later confirmed the extent of the violation in an email to consumers. The data included camera names, WLAN SSIDs, activation times and access tokens for mobile apps and Alexa. Passwords and saved records were not part of the violation. About 2.4 million users were reportedly at risk.

According to Wyze, the database was accidentally copied by an employee to an unsafe location. The company does not believe that credentials have been compromised by anyone. However, the availability of login tokens could have allowed a certain third party to hijack accounts. As a precaution, Wyze logged out all users and reset tokens.

Unsecured Wyze databases via Twelve Security.

The database was accessible between December 4 and 26, according to the twelve security agencies, but that's not the only problem. The company also claims that Wyze routes traffic through Alibaba's servers in China, which will no doubt raise alarm bells for some U.S. consumers. However, Wyze contests this claim. According to Twelve Security, Wyze's US servers have never been as secure as Chinese servers. This suggests that user data was already available in some form in January 2019. Wyze has not yet responded, but is continuing to investigate.

While devices like Wyze cameras can be appealing, it's important to remember that they're not bulletproof. This is far from the first time that a camera manufacturer has a data breach, and it won't be the last time. It's probably a good idea to make sure these devices don't point to something you don't want to reveal.

Read it now:

Comments are closed.