Wyze, a popular security camera company, has recently faced a major security breach that allowed 13,000 of its customers to briefly see into other people’s homes. This alarming revelation came to light when the company sent out an email titled ‘An Important Security Message from Wyze’ to its customers, acknowledging the breach and issuing an apology.
The company attributed the breach to a third-party caching library and also pointed fingers at its web hosting provider AWS, claiming that the outage originated from the partner AWS and disrupted Wyze devices for several hours. This led to customers experiencing frustration and confusion when trying to view live cameras or events during that time.
As Wyze attempted to bring its cameras back online, customers reported seeing mysterious images and video footage in their own Events tab. In response, Wyze disabled access to the tab and initiated an investigation. The company explained that the breach occurred as a result of a third-party caching client library, integrated into its system, experiencing unprecedented load conditions due to devices coming back online simultaneously. This led to a mix-up in device ID and user ID mapping, connecting some data to incorrect accounts.
Unfortunately, this mix-up resulted in an estimated 13,000 people gaining unauthorized access to thumbnails from strangers’ homes. Wyze disclosed that 1,504 people tapped to enlarge the thumbnail, and a few of them were able to view a video. However, the company reassured that all impacted users have been notified of the breach, and over 99 percent of its customers were not affected.
Unsurprisingly, the security breach has sparked outrage among Wyze customers, with many expressing their disgust and frustration on platforms like Reddit. One user described feeling violated and announced their decision to delete their account in response to the breach.
Wyze is now working diligently to address the situation by implementing additional security measures to prevent such breaches in the future.