KIRKLAND, Washington — The maker of one of the most popular - and inexpensive - home security cameras is alerting its customers to a security breach that allowed some users to view the security videos from other users.
The breach stems from a ‘security outage’ that began on Friday morning that later led to a “security incident” according to an email sent to Wyze customers on Monday morning.
“As we worked to bring cameras back online, we experienced a security issue,” said Wyze. “Some users reported seeing the wrong thumbnails and Event Videos in their Events tab. We immediately removed access to the Events tab and started an investigation.”
Event videos are short videos that capture a person’s movements, a vehicle, or even sound, which are then placed in a user’s profile to allow them to watch the playback of that event video.
“We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them, said Wyze. “Most taps enlarged the thumbnail, but in some cases an Event Video was able to be viewed. All affected users have been notified.”
Wyze (pronounced: wise) advertises its products as compact, easy-to-use security cameras with prices starting as low as $19.99, which has fueled their popularity.
“We must do more and be better, and we will,” said Wyze in its email to consumers. “We are so sorry for this incident and are dedicated to rebuilding your trust.
The cameras are big sellers on Amazon.com which indicates more than 10,000 of the cameras are sold by the online retailer a month. The founders of Wyze all once worked at Amazon.
Wyze says it is taking steps to prevent future breaches, so consumers do not have access to other people’s surveillance cameras.
“To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos,” said Wyze. ‘We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.”
“We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze,” according to the email from Wyze. “We built a security team, implemented multiple processes, created new dashboards, maintained a bug bounty program, and were undergoing multiple 3rd party audits and penetration testing when this event occurred.”
“Wirecutter,” which is a widely read product recommendation service from the New York Times raised concerns about the security of Wyze cameras last fall, which forced it to pause all testing and recommendations of Wyze cameras due to security concerns. The Times was reacting to a report in 2023, by The Verge, which said some Wyze security camera owners reported they were able to see live video feeds from cameras they didn’t own or recognize.
Wyze customers with questions about this latest incident were told to visit the company’s support page.
This is a developing story. Check back for updates as more information becomes available.
Download the FREE Boston 25 News app for breaking news alerts.
Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW
©2024 Cox Media Group