Some owners of Wyze cameras are worried about the security that their cameras are supposed to provide.
A security issue allowed people to have access to the camera feeds of strangers, our sister station KIRO reported.
Chelsey Allen from South Bend, Indiana, told KIRO that some of her cameras were offline. Her entire system points towards the street at her home. But when the cameras came back online, she saw a woman walking from room to room in another part of the country.
Allen tried to contact Wyze via online chat and said that she was number 160 in the queue.
The Verge was the first to report the issue, with Wyze cofounder David Crosby confirming that “some users were able to see thumbnails of cameras that were not their own in the Events tab.”
“After an AWS outage this morning, our servers got overloaded and it corrupted some user data. We have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab. Fortunately, they were not able to view live streams or watch these videos, only the thumbnails were visible,” Crosby wrote on a Wyze forum. He said the company was investigating.
The Verge reached out to AWS, which did not have an outage at the time of Wyze’s issue.
The company later told users that it was a “third-party caching client” that contributed to the problem.
The publication 9 to 5 Mac said that originally the issue impacted 14 people but that number increased to 13,000 people, claiming that users only saw a thumbnail. However, some users, like Allen, said they saw either a full-sized still frame or a video recording.
“We have sent emails out to all affected and unaffected Wyze users from the security issue that occurred on 2/16/24.
“The first email went to all unaffected users.
“The second email went to users whose event thumbnails were made available to others but not tapped on.
“The third email went out to users whose event thumbnails were made available to others and were tapped on.
“The fourth email went out to users who had thumbnails made available to them that were not their own, but their thumbnails were not made available to others.”
One of the emails read, according to 9 to 5 Mac:
“We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them. We’ve identified your Wyze account as one that was affected. This means that thumbnails from your Events were visible in another Wyze user’s account and that a thumbnail was tapped. Most taps enlarged the thumbnail, but in some cases it could have caused an Event Video to be viewed.
“The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.
“To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos. We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.”
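The failure mode and mitigation described in the email can be sketched as follows. This is an added example, not Wyze's code: the cache class, function names and IDs are all hypothetical, and the "poisoned" cache entry is constructed to stand in for a mixed-up user-device mapping. It contrasts an event listing that trusts the cache with one that re-checks ownership against the source of truth before returning anything.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    event_id: str
    device_id: str

# Constructed sample data; all IDs are hypothetical.
OWNER_OF_DEVICE = {"cam-A": "user-1", "cam-B": "user-2"}  # source of truth
EVENTS = [Event("ev-1", "cam-A"), Event("ev-2", "cam-B")]

class DeviceCache:
    """user_id -> device_ids cache; `poisoned` simulates a mixed-up mapping."""
    def __init__(self, poisoned=None):
        self._data = dict(poisoned or {})

    def devices_for(self, user_id):
        if user_id not in self._data:  # cache miss: fill from source of truth
            self._data[user_id] = {
                d for d, u in OWNER_OF_DEVICE.items() if u == user_id
            }
        return self._data[user_id]

def list_events_cached(user_id, cache):
    """Weak form: the cache alone decides the user-device relationship."""
    devices = cache.devices_for(user_id)
    return [e.event_id for e in EVENTS if e.device_id in devices]

def list_events_verified(user_id, cache, rejected=None):
    """Hardened form: the cache only narrows candidates; ownership is
    re-checked against the source of truth before an event is returned."""
    allowed = []
    for e in EVENTS:
        if e.device_id not in cache.devices_for(user_id):
            continue
        if OWNER_OF_DEVICE.get(e.device_id) != user_id:
            if rejected is not None:
                rejected.append((user_id, e.event_id))  # feed to alerting
            continue
        allowed.append(e.event_id)
    return allowed

if __name__ == "__main__":
    bad = DeviceCache(poisoned={"user-1": {"cam-B"}})
    print("cached:  ", list_events_cached("user-1", bad))
    mismatches = []
    print("verified:", list_events_verified("user-1", bad, mismatches))
    print("mismatches:", mismatches)
```

Recording each mismatch between the cache and the source of truth gives operators a signal that the cache is returning wrong data, rather than silently dropping the request.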
This is not the first time Wyze cameras have allowed personal videos to be viewed by those who do not own them, 9 to 5 Mac reported.
In 2022, hackers were able to access stored video, and according to the publication, the glitch was not remedied for three years.
In 2019, 2.4 million Wyze users had personal data taken in a separate incident.
The New York Times, which had initially recommended Wyze cameras, pulled its recommendation in September 2023 after the stored video issue.
The newspaper reported at the time, “We reached out to Wyze for details, and a representative characterized the incident as small in scope, saying they ‘believe no more than 10 users were affected.’ Other than a post to its user-to-user online forum, Wyze Communities, and communication to those it says were affected, the company has not reached out to Wyze customers, nor has it provided meaningful details about the incident.”
© 2024 Cox Media Group