Skip to main content

Wyze customers hit by online data leak, company confirms

Wyze, maker of smart home devices such as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firm Twelve Security and reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

The data, which remained exposed from December 4 through December 26, 2019, included emails, camera nicknames, Wi-Fi network IDs, Wyze device information, and also body metrics for 140 people who were testing a new piece of Wyze hardware.

The Seattle-based startup said that no financial information or passwords were held in the exposed databases.

What happened?

Confirming the mishap in messages posted on a Wyze forum, company co-founder Dongsheng Song said it resulted from an effort to “find better ways to measure basic business metrics like device activations, failed connection rates, etc.” Song said his team had transferred data from its main production servers to a more flexible database that was easier to query.

“This new data table was protected when it was originally created,” Song explained. “However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed.”

He added that the company, which launched two years ago, will provide a more detailed explanation once its investigation is complete. Song also strongly denied Twelve Security claims that Wyze data “is being sent back to the Alibaba Cloud in China.” He said that while the company does have official Wyze employees and manufacturing partners in China, it “does not share user data with any government agencies in China or any other country.”

In an FAQ section about the data breach, Song told users that in case the email addresses fall into the wrong hands, customers should be aware of phishing attempts where criminals try to trick you into giving up log-in information for online services.

Wyze: “We’re devastated”

Apologizing to customers, the Wyze co-founder said: “We’ve always taken security very seriously, and we’re devastated that we let our users down like this. This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication.”

Wyze’s misstep caps a grim year for data breaches. In the spring, data linked to 80 million households was leaked online, and in October more than 7 million Adobe customers had their personal information exposed. Facebook, meanwhile, saw data belonging to 540 million of its users exposed by third-party apps, and earlier this month information linked to 267 million Facebook users was found on a hacker forum. Other serious breaches involved financial services firm Capital One and photo site 500px, among others.

We’d like to think 2020 will see companies taking much better care of our personal information online, but we’re not holding our breath.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Wyze Home Monitoring System can now detect leaks and climate changes at home
Wyze Climate Sensor placed on ledge.

Smart home brand Wyze is adding two new smart devices to its home monitoring lineup, enabling users to expand their kit to include extra capabilities for sensing moisture and climate conditions.

The first device is the Wyze Sense Leak Sensor, a battery-power sensor probe with an optional thin sensor that can be attached to extend the device’s capabilities. When water makes contact with either sensor on the probe, it can send a signal -- up to 500 feet -- to the home monitoring system so that owners get an alert about a potential leak.

Read more
T-Mobile reveals it ended 2020 with data a breach
The T-Mobile logo on a smartphone.

T-Mobile’s new year is not off to the greatest of starts after the carrier revealed details of a security breach affecting some of its customers.

A message on T-Mobile’s website says that a recently identified security incident may have allowed hackers to steal customer data such as phone numbers, number of lines subscribed to on an account, and call-related information collected as part of the normal operation of its wireless service.

Read more
Razer may have leaked your personal information
15 best things to buy with the amazon gift card you got for christmas razer basilisk gaming mouse  1

Gaming hardware company Razer has suffered a leak that potentially exposed the personal information of more than 100,000 customers who are registered in the Razer system.

The leak looks like it was the result of a faulty Elasticsearch database that exposed customers’ emails, addresses, and phone numbers, but not their passwords, according to Ars Technica.

Read more