Wyze, a company based in Seattle that offers smart home products such as cameras and doorbells, has experienced a cybersecurity “incident” that allowed many of its connected camera users to access other people’s camera feeds, unbeknownst to them.
This isn’t the first time that Wyze has faced a cybersecurity issue like this. In September 2023, users reported seeing camera feeds that were not theirs, which was attributed to a Web caching problem. Now, the issue has recurred, affecting even more users. Around 13,000 users received thumbnails from cameras that were not theirs, and 1,504 users enlarged the image. Some instances involved the thumbnail being attached to a video, which was then viewed.
Reports from users on platforms such as Reddit and the Wyze forum detailed the distressing experience of seeing strangers’ images and footage from other time zones. Several users expressed concerns about the security flaw and questioned whether their own camera notifications were being sent to other Wyze users due to the mix-up.
David Crosby, Wyze’s co-founder and chief marketing officer, has addressed the issue by implementing new security measures. These involve adding an extra layer of verification between users and event videos, requiring all users to log out of the Wyze app and reset tokens if they have been active. Additionally, the Events tab was temporarily taken down in response to the reports of privacy breaches.
The cybersecurity incident was initially attributed to an overloaded Wyze server following an Amazon Web Services (AWS) outage, which allegedly caused corruption of user data and led to the security issue. However, AWS did not report an outage during the time the problems with the Wyze cameras occurred.
In an email obtained by the media, Crosby expressed gratitude for the assistance provided by users in addressing the issue and apologized for the stressful experience. Despite Wyze’s apparent transparency in handling the situation compared to the previous incident, the company’s trust and reputation remain in question. As an investigation continues, it remains to be seen how Wyze will regain user trust and prevent similar incidents from occurring in the future.