A Wyze executive has confirmed that at least a dozen users were able to see thumbnails taken from other users’ cameras, due to an outage with their partner network.
David Crosby wrote in a Wyze forum post on Friday that access to the Events tab was being restricted while the company investigated a potential security issue with its Amazon Web Services servers. He said that the servers “got overloaded and it corrupted some user data,” confirming there had been 14 reports of such an incident.
2/16/2024 7:24 AM PT – We are aware of an issue with our AWS partner which has impacted device connection and caused login difficulties. We are taking steps to mitigate the problem on our end as we work with AWS to resolve the issue.https://t.co/jMQZrPQ8tg
— Wyze (@WyzeCam) February 16, 2024
Since then, Crosby stated that additional verification has been added for each user before they can view thumbnails. On top of this, all users who used the Wyze app on February 16 are now being logged out to reset tokens.
Wyze’s digital community manager has subsequently reassured users that “over 99.75% of all Wyze accounts were not affected by the security event,” but added that around 13,000 users received thumbnails from cameras that were not their own and 1,504 users had access to it.
“Most taps enlarged the thumbnail, but in some cases an Event Video was able to be viewed,” he said.
What Wyze users have said
Several social media users took to Reddit to share that they had been able to access someone else’s camera. One person wrote: “One of my cameras notified me of an event from inside someone else home with them in it walking around. Absolutely no security with wyze whatsoever.” Another stated, “I just got a motion detection notification with a picture for someone else’s house that isn’t mine!”
Wyze security breaches
It is not the first time Wyze has faced issues with data protection. In 2019, the company admitted to leaving data gathered from two million people exposed on the Internet where criminals could freely harvest it. This data included email addresses as well as health information.
Wirecutter, a product review website owned by The New York Times Company, also cut ties with Wyze last year after it reported a similar breach, saying “We believe Wyze is acting irresponsibly to its customers,” for reportedly not reaching out to customers with “meaningful details.”
Wyze and Amazon have been approached for further comment.
Featured image: Canva