13,000 users of video cameras bought from Amazon have been able to see into the homes of people they don't know in the last few days due to some problems.
13,000 people were able to see images from inside the homes of strangers
Last week, co-founder David Crosby said that “so far” the company has identified 14 people who were able to briefly see into a stranger's property because they were shown an image from someone else's Wyze camera, according to a website . On Monday evening, another statement from the company showed that the number of affected customers had increased to 13,000.
The disclosure was made in an email sent to customers entitled “An important security message from Wyze“, in which the company explains how it all started with a problem with the cloud storage solution Amazon Web Services (AWS), which made the live footage unusable for several hours.
“The outage originated from our AWS partner and took Wyze devices out of service for several hours early Friday morning. If you tried to view live cameras or Events during that time frame, you may not have been able to. We are very sorry for the frustration and confusion this has caused.
However, the breach occurred while Wyze was trying to bring its cameras back online. Customers have reported seeing mysterious images and videos in their own Events tab. Wyze disabled access to that tab and launched its own investigation.
As before, Wyze blames the incident on “a third-party cache client library” which was recently integrated into its system.
This client library was subjected to unprecedented load conditions caused by devices coming back online at once. As a result of the increased demand, it messed up the device ID and user ID mapping and linked some data to incorrect accounts.
But it was too late to prevent about 13,000 people from taking an unauthorized look at the miniatures in the homes of strangers. Wyze says 1,504 people clicked to enlarge the thumbnail, and several of them captured a video they were able to see. Wyze also claims that all affected users have been notified of the security breach and that more than 99 percent of all its customers have not been affected.
Wyze customers are already voicing their outrage on Reddit and elsewhere. One Reddit user, who described herself as a “23-year-old girl” who was getting ready for work at the time of the breach, described herself as “disgusted and angry” and said she would be deleting her account. “I feel so violated,” she said.
Wyze is working to fix things by adding an extra layer of verification before users can view images or footage from the Events tab. “We have also modified our system to bypass the cache for user-device relationship checks until we identify new client libraries that are thoroughly stress-tested for extreme events like the ones we experienced on Friday,” the statement said. company email.
The email concludes with several apologies, including an acknowledgment that this will all be “disappointing news” for most of its users, whether or not they were affected by the breach. But that may not be enough to prevent any class action lawsuits that might arise from this situation.