A recent Wyze service outage caused a camera breach that briefly let users see into other people’s homes. Company co-founder David Crosby said last week that the company identified 14 people “so far” who could see someone else’s property instead of their own.

Now, the number of affected customers has jumped from 14 to 13,000. That’s quite a dramatic uptick.

The new number was revealed in an email sent to customers entitled “An Important Security Message from Wyze.” The email was sent to affected and unaffected customers.

The Verge acquired the email and reported the company confirmed the breach and apologized. The Seattle-based company said the issue occurred during the recovery from a service outage Friday morning.

“We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them,” Wyze said in the email.

Wyze said the initial service outage originated from AWS (Amazon Web Services) and took down Wyze devices for several hours Friday morning. Wyze said the breach stemmed from all its servers coming back online at once from the outage, specifically pinpointing a “third-party caching client library” that was recently integrated by the company.

“This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts,” Wyze stated in the email to customers.

Wyze says it will implement an additional layer of verification before users are connected to Event Videos “to make sure this doesn’t happen again.”

This isn’t the first time Wyze has experienced security issues. In 2019, a breach exposed the data of 2.4 million users. Wyze admits this recent incident is “disappointing news” and says it will work to rebuild trust with its customers. Given the scale of this breach, that trust may take time to rebuild.

Image credit: Wyze

Source: The Verge


Source link