Wyze camera breach may have let 13,000 customers peek into others' homes
Thousands of Wyze camera customers recently had images of their homes, and, in some cases video, made visible to strangers, due to "a security event," involving third-party caching and crossed wires, the company said Tuesday on its user forum.
Wyze Labs, maker of smart home cameras, informed customers who experienced a service outage Friday that 13,000 camera users received video thumbnails of other people's homes, according to an update posted by co-founder Dave Crosby.
"We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them," the company explained.
Strangers viewed other customers' enlarged thumbnail images, and in some cases, recorded event videos that were attached to them.
The incident stemmed from a service outage related to a caching issue that "took down Wyze devices for several hours early Friday morning," the company said in its email to clients, which it shared online . "If you tried to view live cameras or events during that time you likely weren't able to."
The outage caused a third-party caching client library to overload and "got wires crossed while trying to come back online," the company said, adding, "As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts."
As service was restored, happenings inside customers' homes were inadvertently exposed to strangers, as users were shown images that didn't belong to them.
The company said it has now added a new layer of verification to ensure users are only shown feeds that belong to them.
Wyze added that the incident doesn't reflect its "commitment to protect customers" and that security is a "top priority" at Wyze.
On a Reddit forum dedicated to Wyze camera owners, some users that they were "watched by someone," and that the company didn't take sufficient responsibility for the incident, blaming it on a third party.
Wyze did not immediately respond to CBS MoneyWatch's request for comment.