Wyze, a startup active in the field of security cameras, has confirmed that some personal data of millions of users (more than 2.4 million according to first estimates) was leaked online. The case is similar to the one that affected Amazon's Ring cameras a few days ago, though in some ways less serious given the type of data disclosed.
The information exposed online does not include passwords or financial information, but mainly:
- E-mail addresses
- Camera nicknames
- The SSIDs of Wi-Fi networks
- Some personal information about 140 users who are taking part in the beta testing program for some devices:
  - Height, weight, and gender
- A small number of tokens relating to the integration with Alexa.
The above information was exposed online from 4 to 26 December last, because of a problem during the transfer of data to a new database, created to make queries easier to run. According to the first results of the investigation into the incident, an employee of the company reportedly did not apply the security protocols necessary to prevent the data from being exposed. Reconstructing the exact dynamics may still take some time: we are still reviewing the event to understand how and why it happened.
The main risk for Wyze users is that third parties may have obtained their email addresses and may use them in spam campaigns or phishing attempts. As a further precaution, the operators of the service have logged all users out of their accounts in order to generate new access tokens (there is, however, no evidence that the previous tokens were used improperly by third parties): users will need to log in again and reset any integrations with Alexa, Google Assistant and IFTTT.
After the incident, Wyze added an additional level of protection to its database systems and, as a precaution, has invited users to change their passwords and activate two-factor authentication.
Wyze security cameras, also sold in the Italian market, are fairly inexpensive products, but the company rejects the idea that they are less secure just because they are less expensive than competing devices. At the same time, the startup admits the need to review the security protocols used up to now:
We often hear people saying “you pay for what you have”, starting from the assumption that Wyze products are less secure because they are less expensive. It is not true. We have always taken security very seriously and we are sad to disappoint our users in this way. This is a clear signal that we need to completely review the security guidelines, more effectively communicate these protocols to employees, and increase the security measures available to users beyond two-factor authentication.