Wyze data breach includes some customer information
Update 12-28-19: Wyze has confirmed that version of its customer database was, in fact, open for access from December 4 to December 26. This was a copy of portions the production database, including customer emails, camera nicknames, WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations. Wyze confirmed that the copied database had the previous security protocols removed, and Wyze is investigating how this happened during the copy.
Wyze, the maker of affordable home security products, has allegedly suffered a data breach in which 2.4 million customer database records have been publicly exposed to the Internet. Twelve Security ran an article on December 26, 2019, stating that they found an open path to the company’s Elasticsearch database which contained some extremely sensitive information including exact home network details, locations of the cameras in the home, and even personal information on users.
Get two Samsung Galaxy S10 for the price of one!
In response to the post, Wyze issued a force sign-out of all users connected to its system and doubled down on its database security within 6 hours of being notified of Twelve Security’s post earlier in the day. Wyze states that it was unable to replicate the steps necessary to access its database publicly and has yet to verify that any information was leaked at all. Security website IPVM originally notified Wyze of Twelve Security‘s post via support ticket and shows evidence that they have confirmed the exploit, citing several screenshots as evidence.
As it stands, Wyze Camera users will need to log back into their accounts and generate new 2-factor authentication (2FA) codes. Any Wyze cameras that have been linked to Alexa, Google Assistant, or IFTTT will need to be re-linked in order to create a new security token. Users are also encouraged to change their account passwords. Wyze also suffered heavy traffic load over the past twelve hours since the database changes were made and had issues with their 2FA servers, but have since ironed those out. Users that had trouble logging into their accounts should no longer have problems, according to the company.
Twelve Security doesn’t appear to have responsibly disclosed this breach by reporting it to the offending party first (in this case, Wyze). This has made it difficult to identify how large the breach was before being disclosed and what might have actually been accessed. Wyze is in the middle of an investigation into the breach and has stated that it will report back once it has more information.
Wyze Cam Pan vs. Wyze Cam
What Android 10 features do you like best?
Now that Android 10 has rolled out to a ton more devices since it was first launched back in September, we’re checking in with our AC forum members to see which features they like the best.
New Galaxy Fold 2 rumor claims the phone will have a glass display
Samsung’s upcoming foldable phone, which is expected to be unveiled in February, may come with an “ultra-thin glass cover.”
How to update the software on your Google Pixel phone
One of the best parts of owning a Google Pixel is its regular software updates. Here’s how you can make sure you never miss one.
The best covers and wall plates for your Nest Hello doorbell
Keep your Nest Hello protected from the elements or make it stand out one your home with a cover or a wall plate.