Are you using the Wyze app to visit the support chat? I’d use a browser or something outside of the Wyze app to visit the support site if I needed to chat. But like stated many many times, in this situation the Support chat is not the first course of action, I’d email the security@wyze.com first.
Sorry you are experiencing this, but while the Support folks are great at assisting users, they are not the correct contact for this issue.
Thanks all. I emailed security@wyze.com and will circle back if/when I hear anything. I would have hoped customer service would route me to the correct department based on the situation, but clearly that’s asking too much
Yes, I think we all agree that they likely should have recommended this to you when you contacted them. Can you look up your Support ticket numbers so that one of us can pass that feedback on to someone for some coaching or future improvements for similar situations? Appreciate you sharing so that things can be improved.
Privacy of IOT devices should never be taken for granted. I’ve witnessed breaches on sensitive industrial IOT devices with multiple layers of protection. I assume my consumer WiFi cameras are always at risk, they don’t see or hear anything I wouldn’t feel comfortable sharing. It’s just the world we live in.
I have also contacted security@WYZE and I’ve submitted a log. In the meantime I’ve been thankful for this forum and the support and concern. I have been a long time customer of WYZE and up until now have had little complaint with any of their products we have purchased.
I second what @Member20 said. The community has been incredibly responsive and helpful with the situation.
I emailed security@wyze.com and they got back to me the same day saying they found a suspicious login with an IP address that after looking up, appears to be located in Detroit, Michigan (I’m in NJ). I said that was helpful and asked if they had any more info they could share and didn’t hear back last I checked. It sounds like someone was able to get access to my credentials and login to the app legitimately.
The strongest defense against credential stuffers getting your user\pass from a breach somewhere else and matching it to your account is to use the two factor authentication and never use the same password on any other site. Even better is to use unique, long, randomized passwords.
By any chance do you use LastPass Password Manager?
Yeah. Read that. Been tracking it since it happened. I have come across one other Wyze user who had their credentials breached in that incident. But, since that happened it seems there has been a slight increase in reports of unauthorized account access.
I emailed the security@wyze.com and received an automated reply that states…
“This email address is not monitored”
So, do they no longer provide security support? We suspect a specific individual has been logging in to my parent’s camera to listen in on family discussions. There are upcoming legal proceedings against this individual and any evidence we can gather off this behavior will likely be helpful. The camera has recently been unplugged so they can’t access it any longer but we’re avoiding updating password or changing any other settings to avoid “tampering” with logged data.
Interesting. I wonder if someone started spamming that email address so they stopped monitoring it. Spammers ruin everything.
They do. You probably have to go through support first though, then support will send them a support ticket and they will initiate contact through email that will allow communication to bypass their filters, similar to what they do with their support emails. They will do support through email, but you can’t just send an email to the support email address. You have to initiate it through a submission on their website.
Sadly this is becoming very common for most companies, because if they allow an email to initiate first contact, then their agents get subjected to spam, security risks, and illegal content that could leave them liable for subjecting their employees to it. Forcing contact through a form or support ticket first that spammers can’t blast as easily can be a necessity nowadays. I would know…I own businesses myself.
This is the first I hearing that Wyze finally stopped monitoring that email address though. You’ll almost definitely have to initiate contact through support first though. I’ll still see if I can ask an employee about the change.
Update - I used chat to talk with support. They were of no help so i requested they get me in touch with the security team. They contacted them on my behalf and now I’m in a conversation with the security team via email (still via support@wyze.com though)