About 13,000 home security customers were shown someone else's home

26.02.2024

Wyze, a manufacturer of smart cameras, acknowledged a security lapse wherein certain users encountered footage from cameras not belonging to them due to a recent glitch. In an email sent to users on Monday, the company explained that an outage last Friday, caused by a glitch with its cloud computing partner AWS, temporarily rendered camera footage inaccessible.

During the restoration process, approximately 13,000 users faced a security issue where they observed incorrect thumbnails from other users within the Wyze app. Approximately 1,500 users clicked on tabs displaying other users’ footage, leading to enlarged thumbnails and, in some instances, unauthorized access to footage from other users’ cameras.

Wyze attributed the incident to the use of a “third-party caching client library” in its system. The system encountered unprecedented load conditions due to a surge in demand as devices came back online simultaneously, resulting in mixed-up IDs between devices and users, and the erroneous connection of some data to incorrect accounts.

To address the situation, Wyze informed affected users and implemented a “new layer of verification” to prevent a recurrence of such incidents. The company expressed regret over the situation, emphasizing that it does not reflect its commitment to customer protection or the security measures implemented in recent years.

This is not the first security incident involving Wyze; in 2019, a data leak exposed millions of customer email addresses, along with camera feed permissions, lists of cameras in customers’ homes, and tokens used for smartphone and personal assistant connections. Despite these challenges, Wyze, founded by three former Amazon employees, is known for offering affordable cameras, with prices as low as $20, in contrast to competing products that often cost hundreds of dollars. It’s worth noting that other smart cameras from competitors, such as Ring, have also faced security breaches.