Popular Deal

PSA: wyze data leak

935 636 December 29, 2019 at 08:08 PM in Home & Home Improvement (5)
Deal
Score
+427
181,325 Views

Deal Details

Last Edited by tomeaine December 30, 2019 at 04:47 AM
+427 Deal Score
181,325 Views
FYI: haven't seen any emails from Wyze but at a minimum update your password.
https://www.cnet.com/news/wyze-da...%3A51%3A18
Other articles: (Thanks Nytron,Java007)
https://www.marketwatch.com/story...2019-12-29
https://www.bleepingcomputer.com/...h-cluster/
Share
Good deal?
You gave thanks to tomeaine for this post.
Thank you!
tomeaine posted this deal. Say thanks!
About the OP
Joined Nov 2012 L5: Journeyman
636 Reputation Points
27 Deals Posted
89 Votes Submitted
935 Comments Posted

Community Wiki

Last Edited by ubets January 8, 2020 at 08:35 AM
Allegations from 12 security the firm the reported the incident
https://blog.12security.com/wyze-...aresflare/
Posted by Tadcrazio

Articles to read through:
C-NET [cnet.com]

Market watch posted by Nytron [marketwatch.com]

Bleeping Computers posted by Java007 [bleepingcomputer.com]

Wyze response
WYZE UPDATE [wyzecam.com]

Update 12/31:
Email sent to Wyze users:
Wyze Users,

There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.

We are reaching out to you because we've made a mistake in violation of that trust. On December 26th, we discovered information in some of our non-production databases was mistakenly made public between December 4th - December 26th. During this time, the databases were accessed by an unauthorized party.

The information did not contain passwords, personal financial data, or video content.

The information did contain Wyze nicknames, user emails, profile photos, WiFi router names, a limited number of Alexa integration tokens, and other information detailed in the link below.

If you were a user with us before we secured this information on December 26th, we regretfully write this email as a notification that some of your information was included in these databases. If you are receiving this email and joined us after December 26th, we write this email because you use our products and deserve to know how your data is being handled.

Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question, forcing all users to log in again to create new access tokens, and requiring users to reconnect Alexa, Google Assistant, and IFTTT integrations. You can read in more detail about the data leak and the actions we took at this link:

https://forums.wyzecam.com/t/upda...12-26-2019

As an additional security measure, we recommend that you reset your Wyze account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. You may also add an additional level of security to your account by implementing two-factor authentication inside of the Wyze app. Finally, please be watchful for any phishing attempts. Especially watch any communications coming from Wyze and ensure they come from official @wyze.com and @wyzecam.com email addresses.

We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving communication of security guidelines to all Wyze employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cyber security firm to audit and improve our security protocols.

As we continue our investigation into what happened, we will post future updates to the forum link above. More details will follow and we appreciate your patience during this process. Please reach out with any questions or concerns to our customer support team by going to support.wyze.com.

Sincerely,
Yun Zhang
CEO @ Wyze




Once a Thread Wiki is added to a thread, "Create Wiki" button will disappear. If you would like to learn more about Thread Wiki feature, click here.

While the CEO is saying nothing is valued higher than customer trust, each company is facing the new intelligent law effective now. That law requires corporation from all Chinese companies to share any intelligence or data with the Community government upon requested. The Huawei said it will reject such request, but it is actually founded and funded/supported by the military and the government (so far by more than 75 billion US dollars reportedly). The Wyze is based on Seattle, WA, but is it true that the company has no connection with Chinese government. Also please remember that it is very common that very private info such as ID, bank accounts, can be sold all over the places sometimes even publicly. So it will not surprise me that you might find that some day your video is online or is at some dirty hands. I understand that we as SDers are looking for slick deals here, but I will not risk my privacy and family security for saving some hundred dollars on video cameras. Recently it is reported that Mi camera could forward private videos to other cameras or google hubs. So when you are happy for saving 100 dollars, please also understand your risks.

524 Comments

1 2 3 4 5

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:10 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Jun 2014
L2: Beginner
36 Posts
18 Reputation
#4
you're thinking of Waze, this is Wyze.
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2005
Deals-Manipulator
935 Posts
271 Reputation
#5
Quote from jailer1
:
Identity theft ahead, turn left.
You may be confusing it with Waze...Wyze is a camera security system, which is even worst...
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:13 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:13 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2005
Watching for a deal
583 Posts
215 Reputation
#8
Just saw this news as well. Another take is at:

https://www.bleepingcomputer.com/...h-cluster/
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2017
L2: Beginner
35 Posts
30 Reputation
#9
Quote from Nytron
:
More reputable link: https://www.marketwatch.com/story...2019-12-29 [marketwatch.com]
how is CNET unreputable?
0
0
0
0
Reply

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:16 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:18 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:18 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2005
L7: Teacher
2,941 Posts
103 Reputation
#13
Quote from thakoolkid
:
Wouldn't have these issues if companies didn't "lowball" cyber security professionals. Why, work for less than 100k, probably contract, 9-5 shit, no remote work. With millions, if not billions for some of dollars of data. Vs black hat shit? Smh...
Soo true
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
12-29-2019 at 08:23 PM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2005
Grand Poobah
8,821 Posts
2,484 Reputation
Pro
#15
"the unsecured database did contain customer emails and camera nicknames, WiFi SSIDs, Wyze device info, roughly 24,000 tokens associated with Alexa integrations, as well as body metrics including height, weight, gender, and other health info for a small number of product beta testers."

First Ring, now this.

So, let me get this straight. People are buying these systems, whatever the manufacturer, to enhance their personal security. Yeah, right.

IoT is an active minefield.
0
0
0
0
Reply
Last edited by PossumLodge December 29, 2019 at 08:26 PM.
Page 1 of 35
1 2 3 4 5
Join the Conversation
Add a Comment
 

Top Coupons & Promo Codes

Link Copied to Clipboard