A bug in Wyze security cameras allows users to watch other people’s videos
13,000 users momentarily had access to videos or thumbnails of other homes and businesses rather than their own.
Last week, after hours of being unable to access security camera video due to a glitch in the company’s servers, thousands of Wyze users began seeing strange images on their apps and websites. Instead of miniatures of their homes and businesses, other bedrooms appeared. or living rooms, other kitchens or gardens.
In thousands of cases, by clicking on these thumbnails, The app even showed live video of these rooms. belonging to other company customers, a monumental security failure that forced the company, which has millions of customers around the world, to apologize.
The company initially blamed the problem Amazonexplaining that restarting one of the AW3 infrastructure servers caused a configuration error in its databases. David Crosby The company’s co-founder also minimized the number of affected users, saying there were just over a dozen.
But a little later, in an email addressed to all its customers, Wyze admitted that the culprit was a new library developed by third parties implemented on its servers. Almost 13,000 users had access to other users’ video feeds within minutes. According to the company, more than 1,500 accounts clicked on their app or website thumbnails to view other users’ videos in a larger size.
In an apology email sent to customers, Wyze explains that 99.77% of the company’s user accounts were not affected by the security breach, but the event caused concern among many clientswho have been complaining for days on forums like Reddit or X and are considering filing a class action lawsuit.
At this time, Wyze has confirmed that it is going to change some features of its app to additional security checks before you will have access to video and live stream thumbnails from now on.
Perhaps the most serious thing is that this is not the first time this has happened. Last September, Wyze users suffered similar problem. Due to a cache error in the company’s servers, some users were seeing videos recorded by 10 different users when accessing their cameras. “Over the course of approximately 40 minutes, up to 2,300 users logged into the web view portal and were unable to see the camera footage of one of these 10 affected users,” the company explained at the time.