Wyze camera breach let 13,000-customer glimpse others homes

The problem with Wyze letting its surveillance camera users briefly see other customers’ homes is far worse than we thought. Established fact The news came in an email to customers titled “Important Security Message from Wyze,” in which the company acknowledged the breach and apologized, while tryin…

Wyze has admitted that the number of customers affected by the privacy breach has ballooned to 13,000.
The security problem was blamed on a “third-party cache library,” but the company admitted it had let its customers down.
Wyze is working on this issue by adding an extra layer of validation before users can view images or footage from the Events TAB.

The problem with Wyze letting its surveillance camera users briefly see other customers’ homes is far worse than we thought.

Established fact

The news came in an email to customers titled “Important Security Message from Wyze,” in which the company acknowledged the breach and apologized, while trying to pin some of the blame on its web hosting provider, AWS.
Last week, co-founder David Crosby said that “so far,” the company has identified 14 people who were able to briefly see a stranger’s house because they saw an image taken by someone else’s Wyze camera. Now we are told that the number of affected customers has ballooned to 13,000.

The consequences of information leakage

However, the breach occurred just as Wyze was trying to get its cameras back online. Customers reported seeing mysterious images and video clips in their “events” tabs. Wyze disabled access to the tags and launched its own investigation. As before, Wyze blamed the incident on a “third-party cache client library” that was recently integrated into its system.

But it was too late to stop an estimated 13,000 people from taking unauthorized peeks at thumbnails in strangers’ homes. Wyze said 1,504 people clicked to enlarge the thumbnails, and some of them took videos they could watch. The company also claims that all affected users have been notified of the security breach and that more than 99% of users were not affected.

Wyze’s customers have taken to Reddit and other sites to express their outrage. One Reddit user, who identified herself as a “23-year-old girl” who was getting ready for work at the time of the data breach, said she was “disgusted and upset” and said she would delete her account. “I felt violated,” she said.

Also read: How to enhance cybersecurity after the Australian State Court database breach?

Problems that need to be solved

Wyze is working to solve this problem by adding an additional layer of validation before users can view images or footage from the Events TAB. “We have also modified our system to bypass the cache of user device relationship checks until we have identified new client libraries that have been thoroughly stress-tested and can handle extreme events like the one we experienced on Friday,” the company’s email read.
The email ended with more apology, including an admission that all of this was “disappointing news” for most users, whether or not they were affected by the breach. But that may not be enough to head off any potential class action lawsuits.