Seattle based Wyze Labs, maker of the popular and inexpensively priced security cams, exposed approximately 2.4 million customers information through an improperly secured database. Wyze did quickly notify customers on their forum and then sent a detailed explanation via email to their affected customers. They noted the types of data exposed and how the events transpired. The company said that no passwords of financial data were exposed.
Unfortunately, both large and small companies are still prone to mistakes in both securing and auditing their customer databases. Wyze forced a reset of all passwords, but their 2FA servers were temporarily overwhelmed and out for several hours. The company also refreshed tokens for third party assistants like Alexa, Google Assistant, and IFTTT.
What data was exposed?
“Our investigation is still in process, but we have confirmed the information contained Wyze nicknames (the optional name change in the Account section of the Wyze app), Wyze device names, user emails, profile photos, WiFi router names, and some Alexa integration tokens. We refreshed the Alexa tokens, so, please re-link your Alexa skill if you have not done so yet. We also refreshed the tokens for The Google Assistant and IFTTT. The information did not contain passwords, personal financial data, or video files.”