Skip to main content

Wyze customers hit by online data leak, company confirms

Wyze, maker of smart home devices such as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firm Twelve Security and reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

Recommended Videos

The data, which remained exposed from December 4 through December 26, 2019, included emails, camera nicknames, Wi-Fi network IDs, Wyze device information, and also body metrics for 140 people who were testing a new piece of Wyze hardware.

Please enable Javascript to view this content

The Seattle-based startup said that no financial information or passwords were held in the exposed databases.

What happened?

Confirming the mishap in messages posted on a Wyze forum, company co-founder Dongsheng Song said it resulted from an effort to “find better ways to measure basic business metrics like device activations, failed connection rates, etc.” Song said his team had transferred data from its main production servers to a more flexible database that was easier to query.

“This new data table was protected when it was originally created,” Song explained. “However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed.”

He added that the company, which launched two years ago, will provide a more detailed explanation once its investigation is complete. Song also strongly denied Twelve Security claims that Wyze data “is being sent back to the Alibaba Cloud in China.” He said that while the company does have official Wyze employees and manufacturing partners in China, it “does not share user data with any government agencies in China or any other country.”

In an FAQ section about the data breach, Song told users that in case the email addresses fall into the wrong hands, customers should be aware of phishing attempts where criminals try to trick you into giving up log-in information for online services.

Wyze: “We’re devastated”

Apologizing to customers, the Wyze co-founder said: “We’ve always taken security very seriously, and we’re devastated that we let our users down like this. This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication.”

Wyze’s misstep caps a grim year for data breaches. In the spring, data linked to 80 million households was leaked online, and in October more than 7 million Adobe customers had their personal information exposed. Facebook, meanwhile, saw data belonging to 540 million of its users exposed by third-party apps, and earlier this month information linked to 267 million Facebook users was found on a hacker forum. Other serious breaches involved financial services firm Capital One and photo site 500px, among others.

We’d like to think 2020 will see companies taking much better care of our personal information online, but we’re not holding our breath.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
The new Wyze Cam Pan v2 lets you set up a custom patrol route
Wyze Cam Pan v2

It can be tough to position a security camera in just the right spot, but the Wyze Cam Pan v2 doesn't have this issue. Thanks to its 360-degree horizontal tilt and its 93-degree vertical tilt, it can keep an eye on the action throughout the entire room. In fact, you can place it near the center of the room and have it constantly on the lookout for trouble.

The Wyze Cam Pan v2 also includes full-color night vision at 1080p resolution. Knowing details like the color of a shirt can make a lot of difference, and the full-color night vision gives this camera a leg up over competitors that lack this feature.

Read more
T-Mobile confirms hack, investigates whether customer data was stolen
A T-Mobile store.

T-Mobile has confirmed that its computer systems were accessed without permission and says it's now conducting an investigation to determine the full extent of the hack.

The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.

Read more
T-Mobile investigating claims of massive hack involving customer data
T-Mobile storefront with corporate signage.

T-Mobile says it’s investigating claims of a major data breach that may affect as many as 100 million of its customers.

A message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company's customers were at the center of the alleged hack. The figure of 100 million would be remarkable as it's almost equal to T-Mobile's entire customer base.

Read more