Data Breach

IoT provider Wyze confirms Massive Data Leak

Image Credit : WYZE

Wyze smart home device provider company has suffered a data leak exposing data of around 2.4 million customers.

Wyze provides smart home products, smart devices, and wireless cameras. It aims to make smart home technology accessible to everyone. Wyze believes in less margin and focusing on the customer’s experience.

Wyze received a support case from IPVM about the report “Massive Data Leak” posted on 26 December 2019. According to the report, Wyze’s Elastic search databases not properly secured and left exposed to the internet. Report originally published by an anonymous author on Twelve Security Blog, a Cybersecurity firm. Data leak later confirmed by Wyze’s Co-founder Dongsheng Song in a forum post on 27 Dec 2019.

Dongsheng confirmed Wyze user data was not properly secured and left exposed to the internet for 22 days between 4 December 2019 to 26 December 2019. Dongsheng also said the exposed elastic database server was not production. However, they copied a subset of real data to the secondary server from the production server. Data was safe when the secondary server created But, one of the employees on 4 December 2019 removed security protocols and left it vulnerable. They are still investigating the actual reason behind it.

Wyze is still investigating and not confirmed breach of any kind but, an article published by IPVM and 12Security says the following data was exposed:

  • User name and email of Wyze camera owners.
  • Personal and Health-related information of the user like Gender, Height, Weight, Bone Density, Bone Mass, etc.
  • Email of a user who connected to the camera.
  • List of all home cameras and its details like nicknames, device model, last login/logout time and firmware.
  • API Tokens for access to the user account from any Mobile device.
  • Alexa Tokens for users who have connected Alexa devices to their Wyze camera.

Dongsheng said exposed data did not contain user passwords or any financial information.

After verification of the data leak, Wyze increased one more protection layer to its database servers and pushed a token to all users so users automatically logged out from their account and forced to log back into their app. Wyze also unlinked all 3rd party integrations which require users to re-link with Alexa, Google Assitant, and FITTT.

If you are Wyze user and having any trouble logging into the Wyze app, please contact the customer support team.

Also Read: The Best IoT Devices to Buy in 2020

Encrypt Team

Recent Posts

Cybersecurity For Small Businesses On A Budget

Did you know that more than 46% of cyberattacks are directed at companies with fewer than 1000…

6 months ago

Importance Of Regular Software Updates In Cyber Security

Digitalization has both pros and cons. However, one of the major disadvantages that each of…

6 months ago

Five Machine Learning Types to Know

The concept of machine learning is completely changing the world and revolutionizing various sectors. But…

7 months ago

Cyber Fraud Vs Cybersecurity: Defending Online Threats

Did you know that in the year 2023, around 353 million faced digital breaches that could potentially…

7 months ago

Google’s Real-Time URL Protection For Chrome Users

How safe is your internet browsing experience? In a world where cyberattacks have become common,…

7 months ago

How Do We Prioritize Cybersecurity Spending?`

With the penetration of cyber threats every minute, cybersecurity has become critical in the personal…

7 months ago

TheEncrypt uses cookies.