I saw the data leak email last week while on vacation. I didn’t change my password, despite knowing that particular password had been found on the dark web. Well, this afternoon, my cameras started moving. A few minutes later, I got an alert from wyze.com that said “Thanks for creating an account.” Then 5 minutes after that, I got a notice that someone was trying to log in to my Apple ID. That account uses a very different, and as yet uncompromised, password.
I logged into Wyze and changed to a new, very strong password. Is there anything else I should do? Would it be possible that the person who logged into my account could’ve uploaded hacked/spy firmware to my cameras?
That definitely sounds like someone managed to get ahold of your password. The data leak itself included emails, but not passwords. You mentioned that you’re aware the password has already been compromised, however, so hackers can certainly cross-reference from other data leaks. That sounds like the most likely scenario.
If you’ve changed it to a strong password, that should definitely help. It should also be unique – You shouldn’t use it on other services. If you’d like to protect yourself even further, you can enable Two-Factor Authentication on your account.
It’s not possible for someone to upload custom firmware over the cloud. If your firmware was outdated, someone could potentially update your firmware to the latest version released by Wyze, but they couldn’t upload their own. That can only be done with physical access to the camera, through the microSD slot.
Thanks guys, sounds like I’m covered. It’s a testament to Wyze’ quality that I’ve had these cameras for over 3 years now and never needed to create an account here!