Wyze server leak exposes customer data of 2.4 million users
5Reported today on The Verge
For the full article visit: https://www.theverge.com/2019/12/30/21042974/wyze-server-breach-cybersecurity-smart-home-security-camera
Reported today in The Verge.
Wyze server leak exposes customer data of 2.4 million users
An unsecured server exposed the data of Wyze customers over a period of three weeks, the smart security camera manufacturer has admitted. The leak was first discovered by the cybersecurity firm Twelve Security, which published its findings on December 26th, while IPVM, a blog focused on video surveillance products, was able to verify that its own data had been affected by the leak. According to Twelve Security, the data of around 2.4 million Wyze customers was compromised.
In a forum post announcing the leak to its users, Wyze co-founder Dongsheng Song wrote that the exposed server was not a production server, but was instead a "flexible database" that was created to allow for customer data to be more quickly queried. The co-founder said that an employee error led to the server's security protocols being removed on December 4th, and the data was exposed until December 26th when the company was made aware of the problem.
In its blog post on the leak, Twelve Security said that the server included information like usernames, email addresses, camera nicknames, device models, firmware information, Wi-Fi SSID details, API tokens for iOS and Android, and Alexa tokens from users who'd connected Amazon's voice assistant with their security cameras. (Wyze says that the database did not include user passwords.) The cybersecurity firm also claimed that the database included a huge array of health information, including height, weight, bone density, and daily protein intake. Song confirmed that some health information was present thanks to a beta test of a new smart scale product, but disputed that it had ever collected information on bone density and daily protein intake.
Twelve Security even c