Wyze Camera Security Breach Exposes Thousands of Homes to Unintended Viewers
In a recent security incident, Wyze Labs, the manufacturer of smart home cameras, revealed that thousands of its customers experienced unauthorized access to images and videos of their homes. The company cited a “security event” involving third-party caching and technical glitches that led to the exposure of private content on its user forum on Tuesday.
According to an update posted by co-founder Dave Crosby, the breach occurred during a service outage on Friday, affecting customers who were attempting to use the Wyze camera services. Approximately 13,000 users received video thumbnails from cameras that did not belong to them, with 1,504 users inadvertently tapping on these thumbnails.
The incident resulted from a caching issue during the service outage, causing a third-party caching client library to overload. As the system attempted to come back online, wires were crossed, leading to a mix-up of device ID and user ID mapping, connecting some data to incorrect accounts.
During the restoration of service, strangers were able to view enlarged thumbnail images and, in some cases, recorded event videos attached to them. Wyze Labs acknowledged the breach and explained that it has since implemented additional verification measures to ensure users only have access to their own feeds.
In an email to clients shared online, the company stated, “If you tried to view live cameras or events during that time you likely weren’t able to.” Wyze emphasized that the incident does not reflect its commitment to customer protection, highlighting security as a top priority. The company assured users that steps have been taken to prevent such incidents in the future.
Despite Wyze’s response, some users on a dedicated Reddit forum expressed concerns, claiming they felt “watched by someone” and criticized the company for not taking sufficient responsibility, attributing the breach to a third party.
Thousands of Wyze camera customers recently had images of their homes, and, in some cases video, made visible to strangers, due to “a security event,” involving third-party caching and crossed wires. https://t.co/FqbkOtbVzp
— CBS News (@CBSNews) February 20, 2024