Camera was hacked

omg I just wasted 15 minutes typing a response to the main post that said EXACTLY the same thing lol.

I could move your post to #tips-and-tricks if you would like. That way the entire community could benefit from it. It is well written. :slight_smile:

2 Likes

Whatever you think is appropriate :slight_smile: nyrangers also had a good post, and though it has more things (such as using VPN) it’s also a great candidate to put over there. My post was a knee-jerk reaction to the original post which suggested that Wyze products are insecure (lol) and implied that companies are responsible for the mis-use of their products ;). I love your cameras btw.

I wish I could take credit, but I don’t work for Wyze. Moderators and Mavens are customers like you who volunteer to help out on the forum. :slight_smile:

5 Likes

You added some good pointers that I didn’t mention. I’m just trying to raise some awareness about protecting our privacy online. Whether it’s from big corporations, hackers, or your nosy neighbors. Sharing your life on Facebook might have been “cool” a decade ago but social engineering isn’t something to be taken lightly nowadays. I would also recommend getting a burner phone that is used for your banking and other extremely sensitive accounts instead of using your regular home or cell number. What I mean by burner phone is a prepaid cellphone service that you pay for WITH CASH and isn’t tied in any way to your real name. This would cost you around $5-$10 per month only and it’s worth the extra security it provides.

The reason for all this is simple, google yourself and you’ll most likely find your current and previous address, phone numbers, email addresses, relatives and your name (even your middle name) and your DOB. It’s SCARY how easy it is for a hacker to gain all this info by a simple search which can be used to hijack your online accounts.

Here’s a scenario: You connect to the wifi in your university, airport, or local coffee shop and lurking around is a nefarious hacker that has gained access to your device through the unsecured network. You send an email, log into your accounts, you post on social media and this hacker has been intercepting it all. They now know your name, email, and the passwords for the accounts you used so far. They will use a bot (a program) that will take those emails and passwords and try them on major sites hoping you used the same credentials on other sites. Then, they will google you and come up with the rest of the info (address, DOB, middle name, etc.) to help them even further.

You’re wondering what the chances are of this happening to you. For me, this hit home when a close friend of mine had her home robbed TWICE when she was away on vacation, had her identity stolen a year later and it got me thinking. She’s not tech savvy at all. On a scale of 1-10, she’s a definitely a 1 (she knows how to send an email but does not know how to create a spreadsheet, no joke). She also shops online from random and unknown websites using her actual credit card and personal info. She posts on social media about her actual location and what she’s doing. There are so many security gaps here that it makes my cringe. You can see it too, right?

I’ve been in your shoes, reading all this thinking that it would be a hassle to implement these changes. I can assure you I’m actually SIMPLIFYING your digital life. I enter ONE password to gain access to all my other passwords. I have them auto-filled in the browser by the password manager. The VPN turns on and auto-connects when I turn on my computer with zero interaction from me. The browser privacy settings were configured once and I reap the benefit of it each time I browse the web. Ever since I implemented all the above, along with the habit of jotting down my to-do things and schedules, I feel my brain is de-cluttered and I’ve been sleeping better at night.

2 Likes

I’m guessing you’re being sarcastic,
But, just in case you’re not…
You actually can change your user account name with Wyze through Wyze.com.
You can change it via your profile settings page.
The other option is to delete your cameras from your account, then create a new account, and set the camera’s up again with that new account.

2 Likes

But , You can’t change your username (screen name) you can get it changed by contacting support or a moderator

2 Likes

One good thing to do is check https://haveibeenpwned.com/ to see if your email address has been included in any data breaches.

Reiterating what others have stated, use a password manager (Lastpass, 1password) with a very secure password, and make sure every site you visit you create a different random password for. That way if an account is breached, it doesn’t affect anything else, and with the password manager you don’t need to remember them. They all have apps for pretty much all platforms, so whether on your phone, tablet, or computer you’ll be able to access them.

Quick recommendations for the secure password for that - instead of trying to make it super complex, try to make it long ans easy to remember. Four to five random works strung together are a million times more secure than an eight digit random password. So make your password for the manager something like “PizzaHouseBlueTonkaHorse” and you will find it a lot easier to remember those 5 words, and with 24 characters it’s essentially impossible to brute force attack. Just remember to keep them random, don’t use a common phrase like “HaveAMerryChristmas”.

4 Likes

Is Wyse going to implement integration with an authentication app like Google Authenticator or 1Password so that we can just put in a random code INSTEAD of getting a code sent to a phone number?

The issue I have with sending to a phone is that my wife and I use the cameras and if she accesses the camera and needs the code it will get sent to my phone, not hers since there is only one phone number in the 2FA.

If we can use an app like Google Authenticator, then who ever has the app and the code, they can get in… which is way better.

3 Likes

I think you would be interested in this #wishlist request. :slight_smile:

Pick a two or three digit number. Pick a long verb. Pick a long noun. Put them all together, like 29BouncingPenguins, or 640ScreamingSpartans. Three random things are easier to remember than 20 random characters.

1 Like

As an added bonus, if you need a new name for your punk band, you can follow the same formula. :slight_smile:

…Or a 21st-century update for “The 12 Days of Christmas”

FIIIIIVEEEEE GOOOLLLLDD RIIINNNNGSSS!

2 Likes

Was the OP able to upload the intruder video to Wyze or did they post it here? Just my basic smell test, sorry for chiming in so late. I have all my “indoor cams” mounted outdoors so who really knows how many times I’ve been hacked.

I keep foil tape over all my Alex’s for the protection of the hackers :slight_smile:

Better to use a password manager, so you only have to remember one long passphrase, rather than trying to remember long passwords for every site. Also, keep in mind one will encounter some sites that limit the password to a rather short length, at which point being random becomes far more important.

Keep in mind that unless a site has truly crappy security, one isn’t going to be concerned about an account being compromised by multiple attempts at the password, as a site with decent security should start throwing up roadblocks after multiple attempts (e.g., rate limiting, or even blocking attempts from that IP address). What you are really protecting against is if someone breaches the company and gets the hashed password database and runs an offline attack against it, which can employ more sophisticated methods (such as a rainbow table), that will relatively quickly discover the passwords that are the least complex and shortest.

1 Like

NYRANGERS. Thanks. I really apprecate your helpful response.

Lock down your home Routers! Cable cos are very insecure we added a 2nd Router behind Spectrum’s with 2nd firewall and different password Cable co does not have.

Alan DeRossett

1 Like

I do not recommend isp routers, I believe that users will be able to better manage their firewall/router with ddwrt, pfsense, or really any non isp router solution.

1 Like

Consider this: Nearly everyone knows 50% of your log-in credentials! Your email probably remains the same across all your accounts, and that’s hardly private info. If someone hacks a password on one account, then they have the keys to any (and every!) other account that uses the same password.

Step 1: Never reuse a password! A good password manager should alert you whenever you attempt to do so.

Step 2: Never reuse an email address! WHAT?! That’s correct: if you use Abine’s Blur security/privacy manager, it will propose a different new email address for every account. Each one forwards to your real email address(es); if that organization spams you or sells your address, however, you can turn off that one forwarding address and eliminate the spam (you’ll also know who was the source of the spam!). Your replies are similarly masked. You can turn forwarding on again temporarily if you need to receive an account-related email from them, then turn it back off.

Abine has some other neat features, too: one-time “throw-away” debit cards for a specific amount, which can be refilled if it suits you; if someone steals that card number, it’s basically useless. Masked phone numbers which forward voice calls and texts; you can turn off or back on any caller/texter at any time. And of course the usual password manager features (it works on iOS devices too).

Oh, and no, I don’t have any affiliation with Abine except as a safe and happy customer.

4 Likes

Your password has been compromised from another website or your password is not strong enough to begin with.

2 Likes

@bkuri, can’t remember if you can actually set it up when outside the US, but Google Voice could be one way to get a verification text when abroad. It comes of course with all the standard precautions as any Google service.
FWIW, I did set up GV service here for a good friend who lives in Norway. She is using it daily “over there” w/o issues (I think she got a Kansas based number as there were no Seattle area numbers to be had).
If you have someone in the US you trust, they can of course do this for you.

That said, Authenticator app (clearly on the wish list) is the way to go whenever possible, but SMS based 2FA is sure better than nothing.

1 Like