Intelligent security camera maker Wyze has suffered a data leak on a server, says cyber security company Twelve Security. This leak has already compromised data for about 2.4 million Wyze equipment users.
Twelve Security detailed the compromised data in one publication. These are usernames, emails, camera information such as model and firmware number, Wi-Fi details and permissions for iOS, Android, or smart speakers like Alexa.
Additionally, health data were also compromised such as height, weight, bone density and protein intake. This information is for a smart balance that Wyze would be testing in a Beta program. Twelve Security also claims that certain data was sent to a Alibaba group cloud in China.
Wyze already responded to the situation
Wyze co-founder Dongsheng Song provided some information on data leakage. Song says the exposed server was a flexible database used to make it easier for consumers to search for data. Due to an “employee error”, security protocols have been removed and the server exposed.
The server in question was exposed from December 4-26, the date Twelve Security and the related IPVM blog noticed the leak. Meanwhile, Song indicates that Wyze is logging out of all user accounts and clearing authorizations to eliminate the security breach.
The co-founder also pointed out that this leakage is not related to low product prices. Song promises that this is not a “cheap is expensive” situation.
EBox editors recommend: