Wyze Labs, a US-based company that deals in smart gadgets and wireless cameras, has confirmed that its database holding information of millions of customers has been breached.
Cybersecurity firm Twelve Security discovered the breach on December 26 and Wyze confirmed that data of nearly 2.4 million customers worldwide was compromised. Twelve Security revealed that email addresses, WiFi network names, lists of camera names, and personal health information for a small number of beta users were left exposed for a certain time period. Wyze, on its part, has assured that no customer password or financial information was leaked to the public. It seems there were two leaks involving the company.
Wyze Labs takes responsibility
In a public letter to its customers, Wyze cofounder Dongsheng Song said, “Today, we are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th.”
The system became vulnerable when the company imported data to test some business metrics and inadvertently exposed customer emails along with WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations, said the company in its email.
As a precautionary measure, Wyze advised customers to log in afresh into their account and generate new tokens. They have also unlinked from all third party integration and are working on improving camera security.
Wyze has denied that any health-related information was leaked. It was reported that customer’s bone density and protein intake details were exposed through some devices that were in beta testing.
About Wyze Labs…
Wyze Lab was founded by ex-Amazon employees in 2017 and has raised $20 million in Series A funding. They make low cost cameras starting at $20, a very competitive price compared to other players in the market.
Security cameras have become popular with smart devices becoming a part of everyday life. Internet of Things and the integration of platforms and AI has led people to invest in such gadgets heavily.
But security has always been an issue with hackers being able to access the cameras and even voice command apps like Alexa and Siri. A recent study has revealed that low-intensity lasers can be used to control speech-enabled smart devices.
Reports of hackers accessing cams
There have been many reports of hackers accessing cameras used to monitor kids. Ring cameras, owned by Amazon, have been breached by hackers at least four times, according to news reports. But Amazon has denied any security vulnerabilities in its cameras and said weak passwords of accounts or stolen details allowed people to access the camera.
One man talked to an eight-year-old through the camera and told her he was Santa Claus and asked her to trash the room. In other incidents, a family was harassed with racist comments, and a woman in Alabama was shouted at.
There are reports of a podcast where they teach how to hack Nest and Ring cameras and even demonstrate the same for entertainment value.
Considering the danger involved when cameras are monitored remotely and even used for voyeurism and threats, it is incumbent on companies manufacturing and selling such devices to add stringent security layers and keep updating their software to keep a step ahead of such breaches by hackers.