Remember the Wyze security camera leak from a few days ago, which showed 14 users footage from other people’s homes? It turns out that the number of people affected is about 13,000.
Wyze notified users of the February 16 security breach via email and admitted that approximately 930 times more people were affected by the incident than initially thought. The smart home company said about 13,000 users saw thumbnails from other people’s cameras, and 1,504 of them actually clicked on them. This either enlarges the picture or shows users video from a stranger’s Wyze camera, private images they should never have access to.
Wyze security camera users reported seeing strangers in action. This has happened before.
According to the company, more than 99.75% of Wyze users were not affected by the leak. Still, about 0.25% of users had their privacy violated, and 100% of users should have renewed concerns about the safety of their security cameras.
The leak comes after Wyze’s cameras were down for nearly nine hours on Friday, with the company blaming its partner Amazon Web Services for the outage. When these devices come back online, they are mistakenly connected to the wrong user, allowing people to peer into strangers’ homes.
“This incident was caused by a third-party caching client library that was recently integrated into our systems,” Wyze wrote in an email that the company also shared on its official forums. “The client library received an unprecedented load condition caused by devices coming back online at the same time. Due to the increased demand, it confused device ID and user ID mappings and connected some data to the wrong account.”
Wyze security camera users are generally unconvinced by this explanation. Many took to social media to mock the security breach and Wyze’s response, criticizing the company for trying to pin the blame on third parties instead of taking full responsibility.
“I really hate it when a company tries to blame a ‘third party’ for negligence…” Reddit user u/90TigerWW2K commented. “Dear Wyze, Whether the error originated from AWS or another third party, from a consumer perspective, it is your responsibility to manage your provider.”
“I’m so disgusted and frustrated,” wrote u/H3H3ather. She is among the 0.25% of affected users. “I have deleted my account but I feel so violated.”
Wyze is trying to reassure customers by adding more security to its service.
“To ensure this doesn’t happen again, we’ve added a new layer of verification before users are connected to active videos,” Waits wrote. “We have also modified our systems to bypass caching of user device relationship checks until we find new client libraries that have been thoroughly stress tested against the extreme events we experienced on Friday.”
Unfortunately, for some users, this may be too late, especially considering this is far from Wyze’s first security scandal. A similar incident in September previously allowed Wyze users to view footage from other people’s cameras, and the company said at the time that it would “work to ensure this never happens again.” The 2022 report revealed that Wyze was aware of a major security flaw three years ago but failed to fully fix it, recall affected cameras, or even notify users. In 2019, a massive data breach at Wyze exposed the personal data of 2.4 million users, including email addresses and health data.
Security cameras are useful and can provide users with an extra sense of security in many situations. However, you should carefully consider whether you really need a connected camera to monitor you in your home. Or, at least, reassess their positioning.
from Tech Empire Solutions https://techempiresolutions.com/wyze-security-camera-breach-actually-affected-13000-users-not-14/
via https://techempiresolutions.com/
No comments:
Post a Comment