When you put a camera in your house, there is a not-zero chance someone on the internet will see you in your underwear. Case in point: Earlier this week, Wyze alerted customers that there was a breach of security that allowed external parties to see live views of other users’ Wyze cameras for a period of time.
Credit: Amanda Blum
About 13,000 Wyze customers temporarily had access to other Wyze cameras that weren’t theirs. According to Wyze, this is less than 2.5% of their user base. Some of these 13,000 users received thumbnails from cameras that weren’t theirs, and about 1,500 people tapped on those thumbnails to enlarge the thumbnail or see a live view or clip.
The problem originated with an AWS partner on Friday, February 16, 2024, which caused an outage of Wyze services for a number of hours. As the devices came back online, they overwhelmed the system, which mixed up the mapping between user IDs and device IDs. Wyze logged out and disposed the token of every Wyze user who logged in on Friday—the day the offending action took place.
This is the second time in six months that this type of event has happened. In September 2023, a similarly small subset of Wyze customers (about 2,500) reported seeing images or accessing feeds from cameras that weren’t theirs, due to a web caching issue.
Unfortunately, these aren’t even the only issues: A security firm publicly called out vulnerabilities at Wyze a few years ago, and Wyze has settled a suit regarding the issue.
In the email sent to clients (which I received as I’m testing two Wyze cameras), the company sympathized with customer frustration and explained, briefly, how they’d attempt to hedge against this in the future by adding checks on those mapping relationships. Still, this is a temporary measure until they are able to implement new client libraries that are better hardened for events like Friday’s.
Wyze, as a brand, definitely falls into the “more affordable” segment of security cameras, but breaches like this are not unique—we’ve seen them at larger companies as well. While we shouldn’t have to trade off the ability to watch our pets cavort around the living room while we’re out with the possibility of other people also being able to see into our homes, it has become the cost of doing business. That doesn’t mean it’s OK, however.
My Wyze cameras are both mounted in my kitchen, so to those who possibly saw me singing along to “Fame” while doing dishes in my unicorn onesie last week: You’re welcome.