We’re seeing multiple reports of failed login attempts with 2-factor authentication. If you recently tried to login to your Wyze account and the login attempt failed, hang tight! Our 2-factor authentication servers have been overloaded by requests and we will likely need a few hours to catch up. We have all hands on deck working to resolve this issue.
Also, if you linked your Wyze account with Alexa, Google Assistant, or IFTTT, please re-link the services.
We’ll get your Wyze account back up and running ASAP! We’re so sorry about this!
Would have been nice to email us even tough our PW was not released to have us change it for peace of mind.
Came to Wyze forum and found this tread.
I did not login my Wyze app until other could login to theirs first.
I thought it was quite obvious when we got that message… Also wyze can’t tell people much until they know themselves! It was handled very quickly. Again, there is no mention of passwords! Re read the original post… All the other data breaches it takes months for the information to be leaked they have been hacked… Wyze have not confirmed there was a data breach…
This is my biggest complaint about cloud based anything and why I have minimal important stuff on any remote servers. You can name it a cloud, you can call it what you want, but ultimately it is just a file server being maintained by fallible humans. Ya, I got 20 + character crazy passwords no one would seriously bother to try to crack, but it’s still a hassle to deal with the eventual flood of spam. Gmail does a decent job of filtering but it’s still a royal PITA to scroll through pages upon pages of spam to be sure legit email didn’t get mis-filtered. Anyway, if you’re concerned about your email, check out https://haveibeenpwned.com/ - it can take a while for new breaches to appear. He also has a site to check passwords.
I concede that, the only email sent (thus far) to the user population at-large was, well, less than transparent, and agree that almost none but those here in the forum are currently aware of the issue.
Regarding a hidden SSID, please know that it is absolutely, 100% no safer than broadcasting the it. More info here: Why SSID Hiding Is Not Secure
The email that was sent was dealing with the immediate issues, which was the fact that users may have had immediate problems logging into the app, using their Alexa skills, etc. It was also sent before they had verified the breach, so it wouldn’t have been smart to put people into panic mode, especially since they didn’t have answers yet. Keep in mind, they’ve known about this for less than 48 hours. They’re probably still in fact-finding mode. I expect that they’ll probably send an email to everyone affected within the next few days, once they can give more full information and determine exactly which users were involved. (For example, if I understand correctly, it seems like users who joined after December 4th would not be affected.)