Unprotected Database Leaks Data of Wyze Users

An unprotected database was found to have exposed the data of all Wyze users who created an account before December 26, 2019.


Seattle, Washington-based Wyze Labs is the creator of affordable smart home products that aim to provide users with the same capabilities as more expensive systems. The company’s first product was WyzeCam, a remotely controlled smart home camera.


Following a report last week of an exposed database containing a great deal of information on Wyze users, the company stepped forward and confirmed the leak, while also revealing that it had launched an investigation into the matter.


The initial report on the leak suggested that the database contained usernames and emails of those who connected the smart cameras, along with the emails of those they shared camera access with, a list of all cameras in the home, nicknames of these cameras, device model, and firmware.


Moreover, the leak reportedly included WiFi SSID, internal subnet information, API tokens for access from iOS and Android devices, Alexa tokens for 24,000 users, and personal information such as height, weight, gender, bone density, bone mass, daily protein intake, and other health information for a subset of users.


Immediately after learning of the incident, Wyze pushed a token refresh to all users, forcing them to re-login and re-link integrations with Google Assistant, Alexa, and IFTTT.


The next day, the company revealed that the exposed database, which contains only part of the data stored on the main production servers, was created on December 4, 2019, as part of an “internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc.”


The database, the compan ..
