Wyze cameras gave 13,000 people unauthorized views of strangers’ homes

Estimated read time 2 min read

Wyze's Cam V3 Pro indoor/outdoor smart camera mounted outside
Enlarge / Wyze’s Cam V3 Pro indoor/outdoor smart camera.

Wyze cameras experienced a glitch on Friday that gave 13,000 customers access to images and, in some cases, video, from Wyze cameras that didn’t belong to them. The company claims 99.75 percent of accounts weren’t affected, but for some, that revelation doesn’t eradicate feelings of “disgust” and concern.

Wyze claims that an outage on Friday left customers unable to view camera footage for hours. Wyze has blamed the outage on a problem with an undisclosed Amazon Web Services (AWS) partner but hasn’t provided details.

Monday morning, Wyze sent emails out to customers, including those Wyze says weren’t affected, informing them that the outage led to 13,000 people being able to access data from strangers’ cameras, as reported by The Verge.

Per Wyze’s email:

We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them. Most taps enlarged the thumbnail, but in some cases an Event Video was able to be viewed. …

According to Wyze, while it was trying to bring cameras back online from Friday’s outage, users reported seeing thumbnails and Event Videos that weren’t from their own cameras. Wyze’s emails added:

The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.

In response to customers reporting that they were viewing images from strangers’ cameras, Wyze said it blocked customers from using the Events tab, then made an additional verification layer required to access the Wyze app’s Event Video section. Wyze co-founder and CMO David Crosby also said Wyze logged out people who had used the Wyze app on Friday in order to reset tokens.

Wyze’s emails also said the company modified its system “to bypass caching for checks on user-device relationships until [it identifies] new client libraries that are thoroughly stress tested for extreme events” like the one that occurred on Friday.

Source link

You May Also Like

More From Author

+ There are no comments

Add yours