Wyze, the maker of affordable home security cameras, experienced a glitch on Friday that allowed thousands of customers to access images and videos from cameras belonging to other users.
On Friday, an outage caused by a problem with an Amazon Web Services (AWS) partner left Wyze customers unable to view footage from their own cameras for several hours. As the company worked to restore service, approximately 13,000 Wyze users received thumbnails and video clips from cameras that did not belong to them.
In an email sent to customers on Monday, Wyze acknowledged that around 1,500 users had tapped on these mismatched thumbnails, potentially viewing event videos from strangers’ cameras. The company blamed the issue on a third-party caching client library that mixed up device and user IDs when reconnecting cameras en masse after the outage.
“The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts,” Wyze said in an email.
In response to customers reporting the privacy breach, Wyze blocked access to its ‘Events’ tab and added an extra verification layer for accessing event videos. The company also logged out users who had accessed the app on Friday to reset authentication tokens.
This is the second time in five months that Wyze users have reported seeing feeds from cameras they do not own. In September 2022, up to 2,300 users may have been able to view strangers’ feeds for 40 minutes due to a “web caching issue.” Wyze claimed to have taken measures to prevent such incidents from recurring.
However, the repeated privacy breaches have left many Wyze customers frustrated and questioning the company’s security practices. Some have expressed concerns about Wyze’s handling of previous vulnerabilities disclosed by security researchers, which could have allowed access to camera feeds and SD card contents.
As Wyze continues to investigate the recent incident, customers are left with concern over unauthorised access to personal camera footage.
(Image Credit: Wyze)
See also: IoT security remains a top concern for enterprises in 2024
Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Cyber Security & Cloud Expo, AI & Big Data Expo, Edge Computing Expo, and Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
