I understand the password wasn’t involved in data breach, but I will still be changing mine. However, can Wyze staff let us know if our passwords are stored in the Qyze production database hashed or as plain text? It would give me much more peace of mind if it were hashed.
The passwords should not just be hashed, but should be salted too.
@WyzeDongsheng - can you indicate if salt + hash is part of your password security strategy?
Thanks.
1 Like
Especially in this day and age of credential stuffing. If the password were stored in plaintext and stolen, hackers could use the combination of your stolen email address (and/or user id), paired with your stolen password, and try this combination at many, many websites such as banks, amazon, etc. to see if you use the same password. This can’t be done if the passwords are stored salted/hashed.
1 Like