[Updated 02-13-20] Data leak 12-26-2019

01-06-20 Update

Hi everyone,

We have completed the initial steps of the internal investigation and are continuing through the process. We wanted to fill you in on what we’re doing in response to the data leak.

Data security will be our top priority over the next few months. Because of that, we will be adjusting our previously expected feature and product roadmap. Here are tasks we are working on internally with the goal of completion over the next few months:

  • Independent cyber investigation (investigating how this leak occurred)
  • Security assessments and audits by 3rd party security companies (validating our security and privacy environments)
  • Penetration tests by independent security companies (authorized simulated cyber attacks to evaluate the effectiveness of our security system)
  • Revisiting security settings for each Wyze server
  • Reviewing our internal security policies and practices
  • Improving security processes, tools, and training across Wyze

This is the beginning of our checklist that we are going to be accountable for and we are open to feedback for items to add to this list.

We are also adding multiple public-facing features that will improve security for our customers in the coming months. We’re in the beginning stages of research for some of these and several will likely take significant changes to our back-end systems. This makes it difficult to give estimated timelines for these high-priority projects. We are continuing to take note of all of the security features you are requesting in the comments and in our Wishlist. Here is the list of features we have prioritized and started researching right now:

  • Adding the ability to change account email addresses
  • Other methods for multi-factor authentication besides SMS (including an authenticator app)
  • Multi-factor authentication to Wyze websites
  • Adding a website that will make learning about Wyze security easier and provide a dedicated channel for reporting any potential issues

We welcome further suggestions through the Wishlist. We’ll evaluate this feedback in concert with the recommendations from the security companies we are working with. Our goal is to take steps in the correct order to improve your security.

Thank you for all of your comments so far and we’ll add another update when we have more to report.

Moderator Note: The #wishlist topics for the first three bullet points above can be found at the following links. Please vote and/or comment there.

Ability to Change Email Address
Add authenticator app(s) for 2 Factor Authentication (2FA)
Two-Factor Authentication (2FA) for Wyze Web Account