• fubarx@lemmy.ml · 16 upvotes · 5 months ago

    There are two events:

    1. AWS had an outage which froze their backend
    2. They added some sort of caching that messed up when brought up and let users see other devices.

    Seems like Problem 1 was with Wyze not handling disaster-recovery properly. Problem 2 is them not testing their new update and setting up proper access controls.

    Trying to blame AWS on their own screwup is rich.

    • Ottomateeverything@lemmy.world · 9 upvotes · 5 months ago

      Problem 2 also shows they have no double checks on access to private video feeds. Mixing up what’s being requested at any step and not reverifying anywhere after that point just reveals fucking terrible security practices.

  • AutoTL;DR@lemmings.world [bot] · 2 upvotes · 5 months ago

    This is the best summary I could come up with:


    Last week, co-founder David Crosby said that “so far” the company had identified 14 people who were able to briefly see into a stranger’s property because they were shown an image from someone else’s Wyze camera.

    The revelation came from an email sent to customers entitled “An Important Security Message from Wyze,” in which the company copped to the breach and apologized, while also attempting to lay some of the blame on its web hosting provider AWS.

    It also claims that all impacted users have been notified of the security breach, and that over 99 percent of all of its customers weren’t affected.

    One Reddit user, who described herself as a “23 year old girl” and was getting ready for work during the breach, described herself as “disgusted and upset” and said she would be deleting her account.

    Wyze is scrambling to fix things by adding an additional layer of verification before users can view images or footage from the Events tab.

    “We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday,” the company’s email reads.


    The original article contains 413 words, the summary contains 198 words. Saved 52%. I’m a bot and I’m open source!
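
The point raised above about private feeds being served without a second check, and the “bypass caching for checks on user-device relationships” fix quoted from the Wyze email, both come down to one design rule: a cached or upstream “this user may see this device” answer must not be the last gate before footage leaves the server. The following is an added example, not code from Wyze or from anyone in this thread. The camera ids, user names, the cache classes (one modelling a cache whose key lost the requesting user, one keyed correctly) and the two serving functions are all constructed for illustration; the real fault in Wyze's client library is not described on this page.

```python
"""Added example, not code from Wyze or from the thread: an event-image
endpoint that trusts a cached user-device answer, beside one that re-verifies
ownership before serving. Names, cache design and data are constructed."""

from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed source of truth: camera id -> owning account.
DEVICE_OWNERS: Dict[str, str] = {"cam-1001": "alice", "cam-1002": "bob"}

# Constructed event thumbnails, keyed by camera id.
EVENT_IMAGES: Dict[str, bytes] = {
    "cam-1001": b"<alice-living-room.jpg>",
    "cam-1002": b"<bob-driveway.jpg>",
}


class AccessDenied(Exception):
    """Raised when a user may not view a device's footage."""


def owns_device(user: str, device_id: str) -> bool:
    """Authoritative check against the source of truth."""
    return DEVICE_OWNERS.get(device_id) == user


@dataclass
class BuggyRelationshipCache:
    """Models a cache whose key dropped the subject: it remembers 'this device
    was allowed' instead of 'this device was allowed for this user'."""
    entries: Dict[str, bool] = field(default_factory=dict)

    def lookup(self, user: str, device_id: str) -> Optional[bool]:
        return self.entries.get(device_id)          # BUG: user is not part of the key

    def store(self, user: str, device_id: str, allowed: bool) -> None:
        self.entries[device_id] = allowed


@dataclass
class KeyedRelationshipCache:
    """Correctly keyed cache: (user, device) -> allowed."""
    entries: Dict[tuple, bool] = field(default_factory=dict)

    def lookup(self, user: str, device_id: str) -> Optional[bool]:
        return self.entries.get((user, device_id))

    def store(self, user: str, device_id: str, allowed: bool) -> None:
        self.entries[(user, device_id)] = allowed


def serve_trusting_cache(user: str, device_id: str, cache) -> bytes:
    """Vulnerable pattern: a cached 'yes' is the last check before serving."""
    allowed = cache.lookup(user, device_id)
    if allowed is None:                      # cache miss: ask the source of truth once
        allowed = owns_device(user, device_id)
        cache.store(user, device_id, allowed)
    if not allowed:
        raise AccessDenied(f"{user} may not view {device_id}")
    return EVENT_IMAGES[device_id]


def serve_reverified(user: str, device_id: str, cache) -> bytes:
    """Hardened pattern: the cache may short-circuit a denial (failing closed),
    but the final gate before private footage leaves the server is the
    authoritative ownership check, whatever the cache says."""
    if cache.lookup(user, device_id) is False:
        raise AccessDenied(f"{user} may not view {device_id}")
    if not owns_device(user, device_id):      # defence in depth: never act on a cached 'yes'
        cache.store(user, device_id, False)
        raise AccessDenied(f"{user} may not view {device_id}")
    cache.store(user, device_id, True)
    return EVENT_IMAGES[device_id]


def cross_user_leak(serve: Callable, cache) -> bool:
    """True if bob receives alice's image after alice has warmed the cache."""
    serve("alice", "cam-1001", cache)        # alice legitimately views her own camera
    try:
        return serve("bob", "cam-1001", cache) == EVENT_IMAGES["cam-1001"]
    except AccessDenied:
        return False


def demo() -> Dict[str, bool]:
    """Constructed scenario: does a second user get the first user's camera image?"""
    return {
        "buggy_cache_trusted": cross_user_leak(serve_trusting_cache, BuggyRelationshipCache()),
        "buggy_cache_reverified": cross_user_leak(serve_reverified, BuggyRelationshipCache()),
        "keyed_cache_trusted": cross_user_leak(serve_trusting_cache, KeyedRelationshipCache()),
    }


if __name__ == "__main__":
    for scenario, leaked in demo().items():
        print(f"{scenario}: {'LEAK' if leaked else 'ok'}")
```

Only the first scenario leaks: the mis-keyed cache hands bob a “yes” that was computed for alice, and the trusting endpoint serves the image on that alone. Re-verifying at the serving step makes the same broken cache harmless for confidentiality, which is the “additional layer of verification” idea; fixing the cache key is the separate, also necessary, fix. Cache entries are also normally given a short TTL so a stale mapping cannot outlive a device transfer or revocation.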

  • Tinkerer@lemmy.ca · 1 upvote · (edited) · 5 months ago

    This is why I have my cameras locally and they can’t reach the internet. A 2FA screw-up, accidentally sending other people’s cameras to users, then this!? Not sure how this company is still alive. They have no idea what they are doing security-wise.