Wyze, a smart camera maker, said that some users last week saw footage from cameras that weren’t their own because of a security glitch.
In an email to users sent Monday, the company said an outage that lasted several hours last Friday briefly left camera footage inaccessible because of an glitch with its cloud computing partner AWS.
As Wyze worked to bring the cameras back, about 13,000 users “experienced a security issue” where they saw wrong thumbnails from other users in the Wyze app. About 1,500 users clicked on the tabs showing the other people’s footage, which enlarged the thumbnail and in some cases allowed people to view footage from other users cameras.
Wyze is blaming the incident on “a third-party caching client library” that it began using in its system. The system “received unprecedented load conditions caused by devices coming back online all at once” because of the influx in demand, mixed up IDs between devices and users and “connected some data to incorrect accounts.”
The company said it notified affected users added a “new layer of verification” for users to see thumbnails and videos to prevent this from happening again.
“We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze,” the company said in the email.
It’s not the first security incident that has affected Wyze. In 2019, a data leak exposed millions of customer email addresses as well as the email addresses of those people who were given permission to view the camera feeds. A list of cameras in customers’ home and tokens used to connect to smartphones and personal assistants such as Alexa were also left open for public view.
Wyze, which was started by three former Amazon employees, makes cameras that cost as little as $20, much less than the hundreds of dollars that many competing products cost.
Other smart cameras made by competitors, like Amazon-owned Ring, have also been the victim of hacks.
Read the full article here