[Updated 02-13-20] Data leak 12-26-2019

So what if someone knows your ssid. I Can stand out side your house and find it anyway…

Wyze also sent out a msg within the app to say about a security issue…

Wyze are unable to confirm… They are working on it. At least they told us… How many large companies tell people after months and months… So what if an email address and ssid…

They have not said anything about passwords so maybe people should read the original post my wyze

Three more days . :sunny:

1 Like

Regarding the general user base (ie users who own Wyze products, but don’t regularly, if ever visit the forums/social media), what do they know at this point following the confirmation?

I myself never received any emails. The information that I received through the app (attached below) does not indicate exposure of any sort.

Please correct me if I am wrong, but at this point I don’t believe the user base outside the forums knows what happened.

1 Like

The original post by 12Security did not mention passwords and neither did Wyze’s announcement. So I’m confident that passwords were not leaked.

While forum users sometimes tend to get very technical, I think Wyze does a good job in their official announcements of keeping the terminology accessible for the average user.


Anybody having issues reconnecting the Alexa skill?

“We were unable to link Wyze at this time.”

Pretty annoying all this… Wonder how many more oooopsies they have lieing around…

We really need a way to make these devices local only… Tired of this irresponsible cloud security. Alternative firmwares I’m looking hard in your direction…

1 Like

Here’s a primer on reconnecting Alexa: Here's what to do if your devices stop responding through Alexa

This is all I received from Wyze by email.

Hey Friends!
We’re seeing multiple reports of failed login attempts with 2-factor authentication. If you recently tried to login to your Wyze account and the login attempt failed, hang tight! Our 2-factor authentication servers have been overloaded by requests and we will likely need a few hours to catch up. We have all hands on deck working to resolve this issue.
Also, if you linked your Wyze account with Alexa, Google Assistant, or IFTTT, please re-link the services.
We’ll get your Wyze account back up and running ASAP! We’re so sorry about this!

Would have been nice to email us even tough our PW was not released to have us change it for peace of mind.
Came to Wyze forum and found this tread.
I did not login my Wyze app until other could login to theirs first.

sign…the newbie.

I thought it was quite obvious when we got that message… Also wyze can’t tell people much until they know themselves! It was handled very quickly. Again, there is no mention of passwords! Re read the original post… All the other data breaches it takes months for the information to be leaked they have been hacked… Wyze have not confirmed there was a data breach…

1 Like

From the official messages I received in the app, I did not find it quite obvious that data had been exposed.

1 Like

Appreciate the link but the error I get is following these steps after I login for authentication.

“We were unable to link Wyze at this time.”

Looks like some crap on wyzes end… Sigh…

Thanks for sharing!

1 Like

“Wyze have not confirmed there was a data breach…”
scared me … for peace of my mind I changed my Wyze PW just in case they confirm latter it was exposed.

sign…the newbie.

Changing SSID is a waste of time. Available tools like WiFi Analyzer will expose all SSIDs, MAC addresses, and more…

I would assume an email is coming soon. They’re probably still determining the full scope. It’s been less than 48 hours.

This is my biggest complaint about cloud based anything and why I have minimal important stuff on any remote servers. You can name it a cloud, you can call it what you want, but ultimately it is just a file server being maintained by fallible humans. Ya, I got 20 + character crazy passwords no one would seriously bother to try to crack, but it’s still a hassle to deal with the eventual flood of spam. Gmail does a decent job of filtering but it’s still a royal PITA to scroll through pages upon pages of spam to be sure legit email didn’t get mis-filtered. Anyway, if you’re concerned about your email, check out https://haveibeenpwned.com/ - it can take a while for new breaches to appear. He also has a site to check passwords.


Obviously you and I know that - I was merely suggesting a way that those worries about SSID might find some peace of mind.

You’ll note in my earlier comment to which you replied, I indicate it is a non-issue. :smile:

My SSID isn’t broadcast. So, no one should see it.

I have not received any notification through the app. The only email I got was very generic and downplayed the significance of the issue.

I concede that, the only email sent (thus far) to the user population at-large was, well, less than transparent, and agree that almost none but those here in the forum are currently aware of the issue.

Regarding a hidden SSID, please know that it is absolutely, 100% no safer than broadcasting the it. More info here: Why SSID Hiding Is Not Secure


Can get ssid details by war driving so not sure why some people are so hung up by this!

The email that was sent was dealing with the immediate issues, which was the fact that users may have had immediate problems logging into the app, using their Alexa skills, etc. It was also sent before they had verified the breach, so it wouldn’t have been smart to put people into panic mode, especially since they didn’t have answers yet. Keep in mind, they’ve known about this for less than 48 hours. They’re probably still in fact-finding mode. I expect that they’ll probably send an email to everyone affected within the next few days, once they can give more full information and determine exactly which users were involved. (For example, if I understand correctly, it seems like users who joined after December 4th would not be affected.)