Data leak at Wyze, 2.4 million customers affected

IP camera maker Wyze has been hit by a personal data leak.

Until the last day of 2019, the leaks kept getting talked about. This time, the cause of the release of a database of 2.4 million customers of the firm was due to a failure to set up the said database elasticSearch. We are talking about at least 40 million records that would consist of personal information such as names and surnames, usernames, email addresses, as well as Wi-Fi SSID numbers. All information has been loged in that can be accessed by anyone.

This article will also interest you: Data leaks in 2019

"We confirm that some Wyze user data were not properly secured and were exposed from 4 to 26 December notified IP camera manufacturing company Wyze in a blog.

From every point of view, this is a blow to the young company that was only created in 2017. It was founded by four former engineers who worked for Amazon in Seattle. They specialize in making low-cost IP cameras to deal with several major security calls. The leak was revealed by Twelve Security. We were able to get more details thanks to IPVM. Moreover, it has been notified that the 2.4 million people who have had their information published unfortunately have had to deal with some too personal information circulating on the web. as mentioned above, there were credentials, such as email addresses and usernames, personal information such as names and surnames, geolocation information such as physical address and other camera model information as well as firmware camera numbers, and Wi-Fi SSID numbers. In addition, Twelve Security has also highlighted the leakage of Tokens API data that can allow anyone who knows how to access the camera using an iOS or even Android device as well as Alexa tokens tools held by no less than 24,000 users who would have connected their Alexa device to a Wyze camera.

However, it should be noted that the camera manufacturer was still very careful. "There is no evidence that API tokens for iOS and Android have been exposed, but we have decided to update them as we begin our investigation as a precaution. Last night, we forced all Wyze users to reconnect to their Wyze account to generate new tokens. We also dissociated all third-party integrations, which led users to link the integrations with Alexa," the firm said in an updated blog post on December 27.

The Company of Camera Manufacturers will inform audit carried out on all of its servers and databases, that no financial data passwords were affected by the disclosure. One way to reassure its users. Because on the one hand, the accident is still due to a handling error that resulted in a lack of protection for the elasticSearch data. in any case this is what has been put forward by Twelve Security, security, security,

The duration of data exposure according to IPVM would be 3 weeks. "We confirm that some Wyze user data was not properly secured and was exposed from December 4 to 26," noted the manufacturer, who was kind enough to provide details on the origin of the incident. "To help manage Wyze's extremely rapid growth, we recently launched a new internal project to find better ways to measure basic business indicators such as device activations, connection error rates… We copied some data from our main production servers and placed them in a more flexible and interrogate-friendly database. This new data table was protected when it was originally created. However, an error was made by a Wyze employee on December 4 when he was using this database and previous security protocols for this data were removed. We are still looking at this event to understand why and how it happened."

Now access an unlimited number of passwords:

Check out our hacking software