Wyze Cameras Security Incident - Spiceworks (2024)

  • Wyze co-founder David Crosby said a little over a dozen people were affected by a bug that allowed them to see into others’ homes.
  • The company later revised the number of affected customers to the thousands.

Wireless camera and smart home appliance maker Wyze confirmed that 13,000 people using its security cameras could see images from a stranger’s camera feed. The revised number was posted three days after Crosby’s post on Friday, February 16, which disclosed that an unnamed Amazon Web Services partner outage caused overloaded servers and impacted 14 people.

In most cases, a stranger could enlarge the thumbnail, “but in some cases it could have caused an Event Video to be viewed,” Wyze digital community manager Jason J wrote in an email to affected customers.

“The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”

In other words, a surge in demand fried Wyze’s backend, which then paired device IDs with the wrong user IDs.

The recent security gaffe is not the first time Wyze has been in the throes of a security-related incident. Wyze faced a similar situation in September 2023 when a bug fix went wrong, enabling 2,300 users logging in to its online web viewing portal to see pictures from the cameras of 10 people for 40 minutes.

Wyze was also the defendant in a June 2022 class-action lawsuit in which the plaintiffs claimed that the company knowingly concealed a security vulnerability that had existed for almost three years and gave hackers remote, unauthenticated access to media (images, videos) stored on local memory cards. Wyze settled the lawsuit in March 2023.

A few Wyze users took to social media to express their “disgust.” A 23-year-old Reddit user who received Wyze’s email yesterday said, “I’m feeling so violated.”

Wyze has also been at the receiving end of intense scrutiny and criticism for its disregard for security and customer satisfaction. Customers have been voicing their complaints on the Wyze Forum.

Wyze is notifying all users, including the 99.75% who the company claims were unaffected. The company added that of the 13,000 users who received thumbnails from strangers’ cameras, only 1,504 tapped on them, which either enlarged the image or opened the video.

“To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos. We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday,” Wyze’s email reads.

The company also logged out everyone who used the Wyze app during the outage to reset tokens.
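
The failure mode and the fix described in Wyze’s email, modeled as an added example that is not Wyze’s code and not part of the original article: an authorization decision that trusts a cached device-to-user mapping, beside one that re-checks ownership at the authoritative store before serving an Event Video. All names, IDs and the cache behaviour under load are assumptions constructed for illustration.

```python
# Constructed model; every name and value here is hypothetical, not Wyze's system.
OWNERS = {"cam-A": "user-1", "cam-B": "user-2"}    # authoritative device -> owner
EVENTS = {"evt-100": "cam-A", "evt-200": "cam-B"}  # event video -> recording device


class MixedUpCache:
    """Stand-in for a cache client that returns another key's value under load."""

    def __init__(self, store, swap):
        self.store, self.swap, self.overloaded = store, swap, False

    def get(self, device_id):
        key = self.swap.get(device_id, device_id) if self.overloaded else device_id
        return self.store[key]


def cached_only_check(cache, user_id, event_id):
    """Weak pattern: the cached mapping is the only authorization decision."""
    return cache.get(EVENTS[event_id]) == user_id


def verified_check(cache, user_id, event_id, mismatches):
    """Hardened pattern: re-check ownership at the authoritative store right
    before serving the video, and record cache disagreements for alerting."""
    device_id = EVENTS.get(event_id)
    if device_id is None:
        return False
    owner = OWNERS.get(device_id)       # authoritative read, cache bypassed
    if cache.get(device_id) != owner:   # detection signal only, never trusted
        mismatches.append((device_id, event_id))
    return owner == user_id


def simulate():
    """user-2 requests evt-100, which belongs to user-1's camera."""
    cache = MixedUpCache(OWNERS, swap={"cam-A": "cam-B", "cam-B": "cam-A"})
    results = {}
    for overloaded in (False, True):
        cache.overloaded = overloaded
        mismatches = []
        results[overloaded] = {
            "cached_only": cached_only_check(cache, "user-2", "evt-100"),
            "verified": verified_check(cache, "user-2", "evt-100", mismatches),
            "owner": verified_check(cache, "user-1", "evt-100", mismatches),
            "mismatches": len(mismatches),
        }
    return results


if __name__ == "__main__":
    for overloaded, outcome in simulate().items():
        print("overloaded" if overloaded else "normal", outcome)
```

The mismatch list is the part worth wiring to alerting: a cache that disagrees with the source of truth on ownership is an incident signal even when the hardened check denies the request.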

Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis