Some Wyze camera owners have reported that they were suddenly given access to cameras that weren’t theirs and even got notifications for events inside other people’s homes. Wyze cofounder David Crosby has confirmed the issue to The Verge, telling the publications that “some users were able to see thumbnails of cameras that were not their own in the Events tab.” Users started seeing strangers’ camera feeds in their accounts after an outage that Wyze said was caused by an Amazon Web Services problem.
Crosby wrote in a post on the Wyze forum that the company’s servers got overloaded, which corrupted some user data, after the outage. The security issue that resulted from that event then allowed users to “see thumbnails of cameras that were not their own in the Events tab.” Users couldn’t view those videos and could only see their thumbnails, he clarified, and they were not able to view live streams from other people’s cameras. Wyze was able to identify 14 incidents before taking down the Events tab altogether.
The company said it’s going to notify all affected users and that it has forcibly logged out everyone who’ve recently used the Wyze app in order to reset tokens. “We will explain in more detail once we finish investigating exactly how this happened and further steps we will take to make sure it doesn’t happen again,” Crosby added.
While the company doesn’t have a detailed explanation for what happened yet, its swift confirmation of the incident is a huge departure from how it previously dealt with a security flaw. Back in 2022, cybersecurity firm Bitdefender revealed that in March 2019, it informed Wyze of a major security vulnerability in the Wyze Cam v1 model. The company didn’t inform customers about the flaw, however, and didn’t even issue a fix until three years later.