The data was left unguarded on the internet and included vital information like email addresses, list of cameras. WiFi SSID and also personal health details like height, weight, bone density and much more. The leak was first found by Twelve Security researchers and later confirmed by Wyze. Furthermore, the researchers claim that the database of information was live and open thus allowing anyone to access it.
Painting a grim picture, the security researcher from Twelve Security says it is one of the largest breaches they have seen in their career. They also add “If this was intentional espionage or gross negligence, it remains a malicious action that must be answered in the form of a decisive, external, and fast investigation by US authorities.”
We are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th.We don’t have all the answers yet, but we wanted to provide an update based on our investigations so far. We will be providing a detailed follow-up once we complete our investigation.”- Waze
It is worth noting that Alexa tokens for 24,000 users who had connected Alexa to their Wyze have been leaked. However, the company claims password information and bone density information was not leaked. The company is still investigating the leak and is planning to send an email notification to the affected users. If you are a Wyze user, then it is best to change your password and strengthen security.
Do you think security camera makers take enough measures to protect user data? Let us know in the comments below.[via Twelve Security]