‘Smart Camera’ Data Leak Exposes Personal Data Of 2.4 Million Users
A massive data leak by smart home device manufacturer Wyze revealed the personal details of 2.4 million users for over three weeks, according to the Daily Mail, citing the December 26 discovery by consulting firm Twelve Security. The find was confirmed by video surveillance authority IVPM.
Wyze, based in Seattle, was founded by former Amazon employees. The company produces inexpensive smart cameras, light bulbs, plugs and security devices.
Compromised data includes usernames, email addresses, Alexa tokens, and information specific to people’s wireless home networks.
Also exposed (albeit for just 140 users) were health stats – including weight, height and gender for the company’s upcoming smart scale product.
“We are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th,” wrote Wyze co-founder and chief product officer Dongsheng Song in a December 27 forum post.
“We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created,” he added. “‘However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed.”
“We are still looking into this event to figure out why and how this happened.”
According to Wyze, the compromised information did not include any passwords, nor personal financial data, physical addresses or ‘government-regulated’ personal information.
Mr Song denied Twelve Security’s report that the compromised information included the bone density and daily protein intakes of the smart scale testers — and the claim that Wyze was sending user data to the Alibaba Cloud in China.
He also refuted the allegation that the firm had experienced a similar data breach earlier this year.
‘We’ve often heard people say, “You pay for what you get,” assuming Wyze products are less secure because they are less expensive. This is not true,’ Mr Song added. –Daily Mail
“We’ve always taken security very seriously, and we’re devastated that we let our users down like this,” said Song.
The company has secured the exposed database and forced users to reset their account passwords, along with their Alexa and/or Google assistant connections.
Tyler Durden
Tue, 12/31/2019 – 12:36
via ZeroHedge News https://ift.tt/39rZJyP Tyler Durden