Update 12-28-19: Wyze has confirmed that version of its customer database was, in fact, open for access from December 4 to December 26. This was a copy of portions the production database, including customer emails, camera nicknames, WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations. Wyze confirmed that the copied database had the previous security protocols removed, and Wyze is investigating how this happened during the copy.
What you need to know
- Wyze's database was allegedly publicly exposed to the Internet, a breach reported by a security blog.
- Wyze has yet to confirm the breach but has signed out all users as a security measure.
- The breach was not reported in a responsible manner and leaves several questions surrounding its validity.
Wyze, the maker of affordable home security products, has allegedly suffered a data breach in which 2.4 million customer database records have been publicly exposed to the Internet. Twelve Security ran an article on December 26, 2019, stating that they found an open path to the company's Elasticsearch database which contained some extremely sensitive information including exact home network details, locations of the cameras in the home, and even personal information on users.
In response to the post, Wyze issued a force sign-out of all users connected to its system and doubled down on its database security within 6 hours of being notified of Twelve Security's post earlier in the day. Wyze states that it was unable to replicate the steps necessary to access its database publicly and has yet to verify that any information was leaked at all. Security website IPVM originally notified Wyze of Twelve Security's post via support ticket and shows evidence that they have confirmed the exploit, citing several screenshots as evidence.
As it stands, Wyze Camera users will need to log back into their accounts and generate new 2-factor authentication (2FA) codes. Any Wyze cameras that have been linked to Alexa, Google Assistant, or IFTTT will need to be re-linked in order to create a new security token. Users are also encouraged to change their account passwords. Wyze also suffered heavy traffic load over the past twelve hours since the database changes were made and had issues with their 2FA servers, but have since ironed those out. Users that had trouble logging into their accounts should no longer have problems, according to the company.
Twelve Security doesn't appear to have responsibly disclosed this breach by reporting it to the offending party first (in this case, Wyze). This has made it difficult to identify how large the breach was before being disclosed and what might have actually been accessed. Wyze is in the middle of an investigation into the breach and has stated that it will report back once it has more information.
We may earn a commission for purchases using our links. Learn more.
A few good Kindle books can help you get through these tough times
One of my favorite pastimes in good times or bad is to curl up on the sofa with a good book, preferably on my Amazon Kindle. Here are some of the stories that have been distracting me over the past few weeks of lockdown and social isolation.
Top 6 things Google needs to add to Chrome OS to compete with Windows
Chrome OS has gotten pretty good in recent years — especially for tablets and touchscreens — but there’s always room to improve. Here’s my wishlist for my favorite lightweight laptop ecosystem.
Amazon Echo Frames review: Alexa comes for your eyes and ears
When I reviewed the Amazon Echo Buds in late 2019, I commented that they were a solid first attempt to help get Alexa out of the house and make her more useful on the go. The Echo Frames, which were announced at the same time as the Echo Buds, are the latest of Alexa's steps into the wider world. I'll tell you what I thought of them after my first few days with them.
Make your bedroom smarter and your mornings brighter
We often focus on smart home tech for the rooms in the home where people often congregate, like the living room, rec room, basement, kitchen, or even backyard. But what about the bedroom? There's plenty of smart home tech that is perfectly suited to the bedroom, helping you get a better night's rest or a more refreshed wake-up experience.