Security issue with Wyze camera allowed users to see other owners’ homes

Some Wyze camera owners have reported that they suddenly had access to cameras that weren’t theirs and even received notifications for events happening at other people’s homes. Wyze co-founder David Crosby confirmed the issue to The edge, telling the posts that “some users may have seen thumbnails of cameras that were not theirs in the Events tab.” Users started seeing strangers’ camera feeds in their accounts after an outage that Wyze said was caused by an Amazon Web Services issue.

Crosby wrote in a post on the Wyze forum that the company’s servers were overloaded, which corrupted some user data, after the outage. The security issue resulting from this event then allowed users to “see thumbnails of cameras that were not theirs in the Events tab.” Users couldn’t see those videos and could only see their thumbnails, he said, and they couldn’t see live feeds from other people’s cameras. Wyze was able to identify 14 incidents before completely removing the Events tab.

The company said it will notify all affected users and has forcibly logged out everyone who recently used the Wyze app in order to reset the tokens. “We will explain in more detail once we have finished investigating exactly how this happened and what additional steps we will take to make sure this doesn’t happen again,” Crosby added.

Although the company does not yet have a detailed explanation for what happened, its rapid confirmation of the incident represents a considerable change from how it had previously handled a security breach. In 2022, cybersecurity company Bitdefender revealed that in March 2019 it informed Wyze of a major security vulnerability in the Wyze Cam v1 model. However, the company did not notify its customers of the flaw and did not release a patch until three years later.