Latest in Gear

Image credit:

Wyze leaks personal data for 2.4 million security camera users

Leaked data even included health information like bone density.
1107 Shares
Share
Tweet
Share

Sponsored Links

You buy a home monitoring camera to improve your security, but Wyze customers might have wound up achieving the opposite. The company, which makes $20 security cameras to pepper around your home, has admitted that data on more than 2.4 million users has been exposed. A database was left exposed, allowing people to access key pieces of data, although financial information was not included.

The issue was uncovered by consulting firm Twelve Security, who announced that sensitive user data had been left exposed on the internet. This included a staggering array of personal information including email addresses, a list of cameras in the house, WiFi SSIDs and even health information including height, weight, gender, bone density and more.

The Twelve Security researcher who disclosed the issue wrote that the database of information was live and open, with anyone able to access it. They described it as the largest breach they had even seen in their ten year career, and concluded, "If this was intentional espionage or gross negligence, it remains a malicious action that must be answered in the form of a decisive, external, and fast investigation by US authorities."

For its part, Wyze responded with a series of forum posts confirming the leak but denying some parts of the Twelve Security report. "We are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th," the company said. It denied that it had leaked bone density information, for example, but confirmed it had leaked "body metrics" for a small number of beta testers.

Wyze says it is investigating what happened and how the leak occurred, and that it plans to send an email notification to affected customers. In the meantime, if you have a Wyze account it's a good idea to change your password and turn on two-factor authentication.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1107 Shares
Share
Tweet
Share

Popular on Engadget

Apex's electric supercar includes an AR race coach and partial self-driving

Apex's electric supercar includes an AR race coach and partial self-driving

View
BMW will discontinue its iconic i8 hybrid sports car in April

BMW will discontinue its iconic i8 hybrid sports car in April

View
Tesla starts delivering the Model Y

Tesla starts delivering the Model Y

View
Accidental cross-play makes Star Wars 'Jedi Academy' a console bloodbath

Accidental cross-play makes Star Wars 'Jedi Academy' a console bloodbath

View
AI transforms 'The Great British Bakeoff' into a horror show

AI transforms 'The Great British Bakeoff' into a horror show

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr