It’s, unfortunately, increasingly common for security cameras to have a glitch that exposes data from one user’s system and have that data show up in someone else’s app, but when it does happen, it usually has a minimal impact. Wyze, though, has confirmed that a recent outage led to the cameras of 13,000 customers being semi-accessible to other accounts.
Last week, Wyze users experienced a major outage that took down camera feeds for several hours. The outage was attributed to a problem with AWS, Wyze said, but as the cameras came back online, some users started to notice camera feed thumbnails that weren’t from their own cameras.
Wyze confirmed over the weekend that, yes, camera thumbnails were accidentally accessible from other users’ systems for a brief period. The thumbnails were seen in the Wyze app’s “Events” tab and showed images, not full clips, from cameras that were not from a user’s own cameras. The company at the time mentioned to The Verge that the issue had been reported by just over a dozen users, but the actual impact was far greater.
In a round of emails sent to Wyze customers overnight, Wyze explains that this thumbnail issue affected roughly 13,000 customers. Thumbnails from other accounts were sent to that huge number of Wyze owners, and the company says that just over 1,500 of those users tapped on the thumbnails from other users. Wyze explains on its forum that the emails were sent in three variants. One email was sent to all customers unaffected by the issue, one sent to those affected, and a third to users whose thumbnails were not only visible to others, but were tapped on to be enlarged.
That led to some uncomfortable situations, including from one Reddit user (a 23-year-old woman) who was “getting ready for work” during the outage.
In the email, Wyze explains that the issue was caused by a “third-party caching client library” that was “recently integrated.” The system had trouble handling all of Wyze’s cameras coming back online at once after the outage was resolved which led to “mixed up device ID and user ID mapping.”
Wyze also notes that, to “make sure this doesn’t happen again,” a new layer of verification has been added before users are connected to event videos.
The email reads in part:
This isn’t the first time Wyze has had this issue. Just last year, a similar issue allowed see not only thumbnails, but full videos from other user’s systems. That issue was attributed to a “web caching” problem. Prior to that, Wyze confirmed in 2022 that a security flaw could allow hackers to access all video stored on a Wyze camera’s SD card. The company knew about the problem for three years before fixing and disclosing it, and left older hardware vulnerable by not providing updates.
More on Smart Home:
Arlo’s new price increase makes Google’s Nest Aware look like a steal
Google One is still planning to add Nest Aware
Google Nest Hub will now let anyone in your house control Digital Wellbeing features
Follow Ben: Twitter/X, Threads, and Instagram
Add 9to5Google to your Google News feed.
FTC: We use income earning auto affiliate links. More.
