[Updated 02-13-20] Data leak 12-26-2019

What problem are you running into when you try to log in? I believe the 2-factor authentication outage has been fixed now.

Yes my folks only wyze cam that i setup in thier garage so that they can see if they closed the doors, is using the RTSP firmware.

They reported that it had no issues all during this event. only the app on thier phone wuld not work.

And I also see lots of whining about how how pissed off some users are getting about the inconvenience of being locked out of their app for a while. You realize this is a cheapo $20 cam and free service right? this is NOT some $300+ cam (each) plus expensive monthly could storage fee based device/service.
This little cams i do not expect or treat them as proper “security” cams and should not be relied solely on for security if you are away or for any reason as such and have 100% reliability.
I have a hardwired Ubiquiti UniFi IP cam setup in my small apartment, and a full on Swann CCTV with local DVR setup and my grandparents home. Local server.storage, with optional remote access that I control locally, no shaddy cloud servers etc. its direct ip to p2p connection.

You get some very good value for the cost of these cams and plugs, but, i for one do not subscribe to the idea of getting 100% reliability out of them or the cloud service, for such a low cost device.
That being said, for me personally, I have only ever had minor short issues with their products/service. And a reason for a outage or glitch, being a security measure taken in response to a possible security breach, is very much acceptable to me. The email and info i used on such devices are junk emails that i do not use for anything else. It is pretty foolish to use your real email and same password etc for things that are easy to hack/compromise.

I still don’t see any updates to as if this breach was actually legit or not.


I got in. All looks normal and working properly.
All event-triggered 12 second clip and MicroSD card data are intact.

Now I will change my password.

Are OK with your plugs not working on Saturdays? Are you OK with your plugs turning on 30 minutes late?

It doesn’t really matter whether it costs $20 or $200, they promised those features, so you expect them, sounds fair?

1 Like

what do you mean by re learn for Google echo? it shows up in Alexa… do I have to delete and re add? ur kidding right

If you had Wyze connected to Alexa or Google Home, you will need to reconnect it. It sounds like you’re using Alexa, right? If so, follow the directions here.

Yes and that is why they are cheap. To properly do rtsp and not rely on the cloud they need to run a small web server.

That was kinda the point of the parts you omitted from the quote.

And you didn’t get my response. The cameras are already streaming videos now. What do you think is happening when you view the livestreams?

No web server needed.

Sure if you are ok with having to stream to the cloud. Sharing your login with the company and having to deal with data breaches.

That’s the point of wanting rtsp to get streams direct from the camera without relying on the cloud. The current rtsp solution has no security at all. And apparently still requires cloud access. I didnt even try it once I saw it lacked any kind of security.

To do it with security you need the small web server. Which they likely dont have as they are so cheap…

1 Like

When you view a livestream, it’s a point-to-point connection – no cloud involved.

Are you equating servers with webservers? They are not the same.

As for security, everything is supposedly local, no access from outside the LAN, except maybe via VPN, That’s secure enough.


@photolevine @bbug Are you guys sure you saw a reference to “hualai.com” and not “com.hualai”? On Android, Wyze’s ID for purposes of the Google Play store is “com.hualai,” which you can see referenced in this URL. I don’t know the exact history or reason for that, but I’m assuming it’s related.

Regardless, “Hualai” is definitely a name that’s associated with Wyze in some capacity, so I wouldn’t consider this to be suspicious.


I am equating it to the same or similar method an axis surveillance camera uses. You type the ip or dns name of the camera enter the username and password and then view the stream.

You cant do that with these. Likely they lack the horsepower to host it… my old dlink was similar also. To set it up you browse to the ip configure it and then watch it. Even with no internet you can watch it as long as you are on the same network.

I haven’t tried to pull my internet and view my wyze camera but I imagine it would fail.

Edit I tried it. Pulled my modem from the router while connected to the same wifi as the camera and could view the stream. It likely worked as I was already logged into the app. Would be nice if the camera managed authentication and not the app…

There was an outage related to 2-factor authentication tonight. As a security precaution, Wyze revoked everyone’s security tokens so that they’d be forced to log in again. When they did that, it caused an overload on the service they use for 2-factor authentication, which made it difficult for people to get in. Last I heard, those issues have been solved now, but if you are still having problems, it’s more likely related to this outage/overload. I doubt it means that someone is trying to get into your account.


As @nerdland pointed out there were some issues and as of the latest update by @WyzeGwendolyn you should be able to log in, if you still have issues you should contact support, I have linked their post below


A webserver is a type of a server that caters to web browsers. It emits html and/or xScript to layout a webpage. You don’t need all that formatting function if all you need is to serve pure video.

As for security, the current RTSP firmware is no more and no less secure than the stock firmware. The only difference is the transport.

You realize that cameras with RTSP firmware’s livestreams can be viewed from the Wyze app? That you don’t need to type in the password every time? You’re typing the password and IP only because you’re using a non-integrated client (VLC).

BTW, I worked with Axis cameras.

1 Like

Yes, app’s UID is com.hualai. I was trying to understand his/her statement.
That’s why I said, “If you’re correct”.

1 Like

Honestly, the whole scenario was so unprofessionally handled by these two “”“security/consulting”“” firms that I’m having a hard time believing any of it. Seems more like an attack on wyze posing as some kind “helpful reporting”. Twelve sec and ipvm are definitely dubious sources at this point at best.
A similar event happened when it was “reported” that AMD had issues to related Intel’s security flaws … Awful convenient this is happening around the holidays just after the Ring camera scares in the news (which appear to have been the fault of the user and their credential stuffing).


“Bone density…” 《snort》From a light bulb? Please…

They are beta testing a smart scale.

1 Like