Wyze cctv cam data leak may have exposed personal data for millions of users

[Razer]

Wyze data leak may have exposed personal data for millions of users

Security camera maker Wyze said it left personal information for 2.4
million customers exposed on the internet for weeks

Tyler Lizenby/CNET

Security camera startup Wyze  has confirmed it suffered a data leak
earlier this month that may have left the personal information for
millions of its customers exposed on the internet. No passwords or
financial information was exposed, but email addresses, Wi-Fi network
IDs and body metrics were left unprotected from Dec. 4 through Dec. 26,
the company said Friday.

More than 2.4 million Wyze customers were affected by the leak,
according to cyber-security firm Twelve Security, which first reported
on the leak

The data was accidentally left exposed when it was transferred to a new
database to make the data easier to query, but a company employee failed
to maintain previous security protocols during the process, Wyze
co-founder Dongsheng Song wrote in a forum post.

"We are still looking into this event to figure out why and how this
happened," he wrote.

Keeping sensitive information private continues to be a challenge for
database managers. Among this year's more high-profile data leaks were
the names, addresses and demographic data of 80 million US households,
as well as the expected salaries of more than a million job seekers and
thousands of Facebook passwords.

Among the data exposed in the Wyze leak was the height, weight, gender
and other health information for about 140 beta users participating in
testing of new hardware, Wyze said. 

The company said there was no evidence that login tokens had been
exposed but signed out all users to generate new tokens. Customers can
also expect their cameras to automatically reboot in the coming days due
to an additional security action.

Wyze said it takes its product security seriously and will reexamine its
procedures.

"This is a clear signal that we need to totally revisit all Wyze
security guidelines in all aspects, better communicate those protocols
to Wyze employees, and bump up priority for user-requested security
features beyond 2-factor authentication," Wyze said.

Wyze representatives didn't immediately respond to a request for
additional information and comment.

https://www.cnet.com/news/wyze-data-leak-may-have-exposed-personal-data-for-millions-of-users/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20191229/eea91b84/attachment.sig>