2019 wrapped up with another data breach linked to a home security camera and smart device maker - Wyze Labs. An internal accident leaving certain databases exposed for 23 days appears to be the source of this breach. Not only were those who purchased the product at a loss of their information, but a total of 2.4 million users, including family members who have received access to the camera system are at risk as well.
The convenience of having virtual eyes on our property and children definitely has its benefits, but consumers should take precaution when shopping for various products and really assess the potential risks involved with having smart devices. Practicing good cyber hygiene is always a proactive way of minimizing the damaging effect on a persons digital footprint.
Wyze Co-founder Dongsheng Song confirmed the breach on December 27 and said the exposed database contained a large amount of personal, product and some medical information. - Username and email of those who purchased cameras and then connected them to their home. - Email of any user they ever shared camera access with such as a family member. - List of all cameras in the home, nicknames for each camera, device model and firmware. - Wi-Fi SSID, internal subnet layout, last on time for cameras, last login time and last logout time from app. - API Token for access to user account from any iOS/Android device. - AlexaTokens for 24,000 users who have connected Alexa devices to their Wyze camera. - Height, weight, gender, bone density, bone mass, daily protein intake, and other health information for a subset of users.