Wyze Leaks Customer’s Personal Data of 2.4 Million Security Camera Users

Imagine what would happen if your security camera fails to protect your security? Recently, security camera startup Wyze confirmed that it suffered a data breach earlier this month, exposing details of 2.4 million users for 22 days. These exposed data may have left the personal information of millions of its customers exposed on the internet. The US-based company produces security cameras, smart light bulbs, smart door locks, smart plugs, as well as smart home devices.

The leak was first found by consulting firm Twelve Security that published the findings on December 26th. Wyze's co-founder and chief product officer Dongsheng Song confirmed that the data was accidentally left exposed while transferring to a new database to make the data easier to query.

“We have been auditing all our servers and databases since then and have discovered an additional database that was left unprotected. This was not a production database, and we can confirm that passwords and personal financial data were not included in this database. We are still working through what additional information was leaked as well as the circumstances that caused that leak,” Dongsheng Song said in a statement.

As per information by Twelve Security, the server included information like usernames, email addresses, device models, camera nicknames, firmware information, API tokens for iOS and Android, Alexa tokens, and much more important information.

The cybersecurity firm further claimed that the data was being sent to the Alibaba Cloud in China. However, Song has rejected the claim and stated Wyze doesn't use Alibaba Cloud. He stressed that the company should be aware of phishing attacks.

The data leak occurs at the end of the year, making the situation difficult for Wyze. In July, the company declared a new Al-powered people detection feature for its affordable security cameras. Wyze is trying to reach its affected users via email. "A 3rd party may have your email address. Be aware of spam or a phishing attempt," wrote Song.

"We've logged you out of your Wyze account. You will need to log back in and relink your Alexa, Google Assistant, or IFTTT integrations if you use these services and haven't done so yet," he added.