A POPULAR home security tech company, Wyze, has suffered a camera breach that showed users’ footage to thousands of strangers.
A few days ago, Wyze emailed customers revealing that a recent glitch ‘affecting 14 users’ actually involved roughly 13,000 people.
AlamyUsers aren’t happy with the way Wyze tries to pass blame and have been left wanting to delete their accounts[/caption]
That is 930 times more people than originally thought on Friday (16 February).
“The outage originated from our partner AWS (Amazon Web Services) and took down Wyze devices for several hours early Friday morning,” the email read, which has also been posted on its help forum.
“If you tried to view live cameras or Events during that time, you likely weren’t able to.
“We’re very sorry for the frustration and confusion this caused.”
The breach occurred when Wyze tried to bring its devices back online following an outage, which the company attributes to AWS.
“This client library received unprecedented load conditions caused by devices coming back online all at once,” the company added.
“As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”
Of all the user footage that was shared among users, Wyze admits 1,504 people tapped to enlarge the thumbnail and watched the video.
Some even captured screen recordings of the footage they saw on other people’s properties, and of other people.
All impacted users have been notified of the security breach.
But users aren’t happy with the way Wyze tries to pass blame and have been left wanting to delete their accounts.
“I really dislike it when a company tries to blame a “third party” for an oversight,” one Redditor commented.
“Dear Wyze, whether the error originated with AWS or some other third party, from the consumer’s perspective, YOU ARE RESPONSIBLE FOR MANAGING YOUR VENDORS.”
Another Reddit user, who was impacted by the breach wrote: “I’m so disgusted and upset.
“I’ve already deleted my account, but I’m feeling so violated.”
Wyze has taken the incident as an opportunity to bolster its security controls.
“To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos,” the company explained in its apology email.
“We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.”
The security for privacy trade-off
Analysis by Millie Turner, Technology and Science Reporter at The Sun.
With today’s Wi-Fi and app-assisted gadgets, home security comes at the cost of privacy.
Companies like Wyze and Amazon-owned Ring talk the talk when it comes to privacy, but they often don’t walk the walk.
A similar ‘disturbing’ glitch was also discovered at Wyze in September last year, when one user claimed they saw a couple stark naked in their home.
While Ring has fended off uproar over its sharing of footage with the police (which it has now limited), as Amazon swallowed tens of millions in privacy fines for the company’s activities.
Such behaviour has led privacy campaigners to view easy-to-use security gadgets with hard-to-understand T&Cs through an increasingly scrutinised lens.
“It comes down to this issue that we talk about a lot in the privacy space: that people want to feel feel safe and often feeling safe rubs up against privacy,” Jen Caltrider, founder and lead researcher of Mozilla’s Privacy Not Included guide, told The Sun.
“The flip side is, now we have cameras all over the place that are recording all the time and our privacy is going by the wayside.”
But there are ways to get the best of both worlds, if you’re willing to trade cloud storage for local storage.
While a staunch security technology critic, Caltrider has cameras in and around her home which she bought “specifically because they have local storage”.
“That’s a good thing for consumers to look for: local storage. Because once something leaves your home, you no longer have control over it,” she explained.
Consumers should also look for security companies that have end-to-end-encryption available, as this means no one can see your footage.
Lastly, be wise and respectful about where you place your cameras, as the last thing you want is to be caught with your pants down or face a £100k fine.