WYZE security breach 18 Feb 2024

WYZE continues to show they don’t design their architecture the way most security companies do. And they definitely don’t handle discussing breaches the way most security companies do (which is why I personally no longer use them.)

They had a major outage over the weekend. That affected lots of customers whose cameras were unavailable to them.

Then, in the process of bringing everything back online, they overloaded a third-party image storing service they were using, with the result that about 20000 of their customers could, for a relatively brief time, view the camera feeds of other customers. (Welcome to the unsecured cloud)

They sent out an email this morning that looks like it went to all of their registered customers and specifically told you if you were one of those whose images had been exposed.

But I went to their website, and there was nothing there about it. I would’ve expected a front page statement, but nope. Or at least a blog article, but again no.

Maybe it’s there somewhere and I missed it, or maybe they just hadn’t put it up yet, and it will be there later today, but this feels like what they’ve done in the past where they sort of tried to pretend it never happened. :see_no_evil::hear_no_evil::speak_no_evil:

2 Likes

at least this time is was thumbnails instead of live streams :sweat_smile: But yeah, this is getting really old. Thankfully I don’t use any of their products inside my home, but my trust for using them outdoors is eroding now.

Here’s the announcement they emailed to unaffected users

1 Like