Wyze, a security camera company boasting 10 million users, is in hot water after a breach allowed 13,000 customers to see into other people’s homes.
Company cofounder Dave Crosby announced Friday that employees had identified 14 people who were briefly able to see images from a stranger’s Wyze camera. As of Monday, that number had ballooned to 13,000, reports the Verge.
In a Friday morning email blast to customers, Wyze apologized for the mishap while shifting the blame to a third-party web host.
“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to,” Wyze said. “We’re very sorry for the frustration and confusion this caused.”
While Wyze was working to bring its cameras back online from the breach, customers reported strange images and videos in their Events tabs, prompting the company to disable access to the section while investigating the mistake.
According to the company, “a third-party caching client library” is to blame for the error.
However, a similar incident occurred last year when 2,300 users were able to see through strangers’ cameras.
“Simply put, it crossed some wires in the backend and, for about 40 minutes, up to 2,300 users who logged in to the online web viewing portal may have seen cameras from one of the 10 affected users who had also logged in during that time,” Wyze said on September 22, 2023.
This time, Wyze says that 1,504 people enlarged the thumbnails from other people’s cameras, and a few actually viewed video footage.
“It also claims that all impacted users have been notified of the security breach, and that over 99 percent of all of its customers weren’t affected,” the Verge reported.
A Reddit user who identified herself as a “23-year-old girl” reported feeling “disgusted and upset” upon receiving the email:
I’m shocked. I’m a 23 year old girl and I was getting ready for work during the outage. And please spare your “I only put the cameras outside” comments because I have sick animals that I need to see at all angles while I’m at work. I’m so disgusted and upset. I’ve already deleted my account, but I’m feeling so violated.
In a post to the subreddit r/wyzecam, Crosby said the incident “affected a little less than 0.25 percent of Wyze users, including users who received thumbnails and users who had their thumbnails sent to a different account.”
The cofounder also told customers that Wyze’s engineering team “has added a new layer of verification between users and event videos to prevent this from happening again.”
“We’ve also removed the client library and will not be using caching until we can find a new client library and stress test it for extreme scenarios like we saw on Friday,” Crosby continued, before adding that the investigation is still ongoing.
COMMENTS
Please let us know if you're having issues with commenting.