A security breach at a smart camera company allowed 13,000 customers to peak into other users’ homes, it has been revealed.
Wyze cameras, sold by retailers such as Amazon and Walmart, confirmed customers had seen thumbnail images from cameras that did not belong to them. Some were also able to view video footage.
It comes amidst widespread privacy fears over popular doorbell and home surveillance cameras, prompting the Amazon-owned Ring Doorbell to announce it would no longer share footage with police departments.
Wyze – which sells cameras for as little as $20 – said the breach was sparked by an outage on Friday with its AWS cloud service that took down its devices for several hours. It did not specify which models were affected.
As it worked to restore the camera feeds, a security issue allowed users access to the images. Of the 13,000 customers who received the images, 1,504 clicked on them.
David Crosby, one of the company’s co-founders, said in a statement: ‘Some users reported seeing the wrong thumbnails and Event Videos and, in their Events tab.,
‘We immediately removed access to the Events tab and started an investigation.’
Crosby also blamed the incident on a new third-party client library which ‘received unprecedented load conditions caused by devices coming back online all at once.
‘As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts,’ he added.
The firm said it sent out several rounds of emails in order of how and if the user was affected.
The emails allege around 99.75 percent of its users were unaffected by the breach.
It is not the first time Wyze has been embroiled in an embarrassing data gaffe.
In 2019, the company left the personal details of 2.4 million users exposed on the internet for more than three weeks.
Among the details compromised were email addresses, WiFi network names, smart device details and the health statistics of a limited number of users.
Mounting fears over the security of home surveillance cameras last month forced Ring Doorbell to announce it would no longer share footage from its cameras with police departments.
The Amazon-owned company did not give reasons for its decision, but it is being seen as a move to try and relieve fears of constant surveillance.
In a blog post on Wednesday, Ring said it will end its ‘Request for Assistance’ tool, which allows police departments and other public safety agencies to request and receive video captured by the doorbell cameras through Ring’s Neighbors app.
