Databases holding millions of customers' information from Wyze Labs, which makes smart cameras and connected home gadgets, were exposed unprotected.
Customer email addresses, as well as the email addresses of those people who were given permission to view the camera feeds were public between December 4 and December 26.. A list of cameras in customers' home and tokens used to connect to smartphones and personal assistants such as Alexa were also left open for public view. Twelve Security said the data breach involved 2.4 million customers worldwide. Wyze logged out their customers and required them to log in again to create new tokens. It also unlinked its products' connection to Alexa, Google Assistant and IFTTT.
Wyze co-founder Dongsheng Song provided details about the company's investigations via a forum post. Song updated the forum post again on December 29 to reveal another leak. He claimed that Wyze has planned to email affected users about the data leak "in the near future." Wyze blamed the first incident on making a copy of its production database for running data queries on the side but accidentally left that copy unprotected and exposed. Wyze currently sells two internet-connected cameras, a smart light bulb, a connected wall plug and a package that includes both motion sensors and contact sensors.