Wyze says camera breach let 13,000 customers briefly see into other people’s homes

Wyze Mates,

On Friday morning, we had a service outage that led to a safety incident. Your account and over 99.75% of all Wyze accounts weren’t affected by the safety occasion, however we needed to make you conscious of the incident and allow you to know what we’re doing to ensure it doesn’t occur once more.

The outage originated from our companion AWS and took down Wyze gadgets for a number of hours early Friday morning. When you tried to view reside cameras or Occasions throughout that point, you possible weren’t in a position to. We’re very sorry for the frustration and confusion this precipitated.

As we labored to carry cameras again on-line, we skilled a safety problem. Some customers reported seeing the unsuitable thumbnails and Occasion Movies of their Occasions tab. We instantly eliminated entry to the Occasions tab and began an investigation.

We will now affirm that as cameras had been coming again on-line, about 13,000 Wyze customers obtained thumbnails from cameras that weren’t their very own and 1,504 customers tapped on them. Most faucets enlarged the thumbnail, however in some circumstances an Occasion Video was in a position to be seen. All affected customers have been notified. Your account was not one of many accounts affected.

The incident was attributable to a third-party caching consumer library that was just lately built-in into our system. This consumer library obtained unprecedented load situations attributable to gadgets coming again on-line abruptly. Because of elevated demand, it combined up system ID and consumer ID mapping and related some knowledge to incorrect accounts.

To ensure this doesn’t occur once more, we now have added a brand new layer of verification earlier than customers are related to Occasion Movies. We’ve additionally modified our system to bypass caching for checks on user-device relationships till we establish new consumer libraries which are completely stress examined for excessive occasions like we skilled on Friday.

We all know that is very disappointing information. It doesn’t mirror our dedication to guard clients or mirror the opposite investments and actions we now have taken in recent times to make safety a high precedence at Wyze. We constructed a safety crew, carried out a number of processes, created new dashboards, maintained a bug bounty program, and had been present process a number of third occasion audits and penetration testing when this occasion occurred.

We should do extra and be higher, and we are going to. We’re so sorry for this incident and are devoted to rebuilding your belief.

You probably have questions on your account, please go to help.wyze.com.

Wyze Workforce