After an outage, thousands of Wyze users were shown thumbnails of camera feeds that were not theirs. Wyze sent an email to everyone involved.
Wyze Users were able to view other people’s homes after an outage that overloaded the company’s servers and corrupted user data, according to the company’s press release. The security breach is much worse than originally anticipated.
“About 13,000 users received thumbnails of cameras that were not theirs,” Dave Crosby, one of the company’s co-founders, said in a statement.
The company says it sent several rounds of emails. The order depended on how and if the user was affected:
The first email was sent to all users who were not affected by the issue.
A second was sent to those whose thumbnails were available to other users, but those thumbnails were not touched.
A third email was then sent to users whose event thumbnails were made available to others and tapped.
To arrive at a conclusion, a fourth email was sent to users who had thumbnails available to them that were not their own.
Who is affected by the Wyze camera breach?
Affected users should have received an email, but Wyze’s digital community manager said users could see a “slight delay upon receiving your email.”
In the email sent to users, the security company claims that around 99.75% of its users were not affected by the breach.
Originally, the company thought that only 14 users could see inside other people’s homes, but around 13,000 users received thumbnails that were not theirs. Of those users, 1,504 clicked on it. The company claims that most only zoomed in on one image, but some were able to view images from another user’s camera.
“We have identified your Wyze as one of those affected,” said the email sent to the 1,504 users who viewed his video. “This means that his event thumbnails were visible on another Wyze user’s account and that a thumbnail was tapped.”
The videos that were viewed were not live broadcasts. They were fragments of events that caused the camera to start recording.
“To make sure this doesn’t happen again, we’ve added a new layer of verification before users connect to Event Video,” reads each email sent to Wyze users. “We have also modified our system to avoid caching check user-device relationships until we identify new client libraries that undergo extensive testing for extreme events like those we experienced on Friday.”
How did the camera breach happen?
“We had a caching issue from a third-party caching client library that was recently integrated into our system,” Crosby said in the statement. “It was overloaded after the Friday morning outage and wires crossed trying
to get back online.”
The company blames an outage at its web hosting provider and partner AWS for causing a security breach.
Wyze’s Previous Security Breaches
This is not the first time Wyze has faced a security breach.
In 2022,a class-action lawsuit was filed over allegations that Wyze knowingly concealed vulnerability which allowed hackers access stored images and videos on memory cards According Bloomberg Law .
According Spice works ,the company settled this lawsuit in March 2023
Source: usatoday
Julia is a USA TODAY trends reporter covering various topics including local business and government affairs in Miami as well as technology and pop culture . She can be followed on her social media accounts : Twitter Instagram , Tik Tok .