[Updated 02-13-20] Data leak 12-26-2019

And I’m sure they will.

If you came here looking for a fight, I assure you - I’m the wrong person.

Calm down, read all my comments here and you’ll have a complete picture.

I admit, my earliest comments were terse; I, like many others here, was and am concerned about this.

EDIT: I’ll add this - you think DDoS attacks are history? You aren’t aware that these are happening every moment of every day, but that you just don’t know about it because IT professionals in organizations all over the world spend their time mitigating these attacks? Get a clue, buddy.

1 Like

Let’s all be honest with each other regarding the email.

  1. Wyze made a calculated, public relations decision to willfully omit that they were investigating the - at the time - “alleged” breach. They needed to maintain composure, and their reputation, in the event that this was a non-incident. They are a business, and I for one want to see their business survive this incident. I’m on the fence, but I’m not convinced they deserve complete outrage over this.

  2. Equally true, is that a subset of users (us, here in the forums) have been discussing this for 24+ hours. The remaining, at-large user base is still to-be-notified, and when they are - and find out about the forum and earlier discussions - many will be pissed. And they honestly should be.

This is one of the many situations in life where “you’re damned if you do, and you’re damned if you don’t”.

EDIT: they’ll > many will (I didn’t mean to imply such a sweeping generalization.)

2 Likes

I only found out about the forum due to a support ticket bringing me here.

But, if I didn’t know, until they sent an email, I personally wouldn’t be pissed. I guess I have been in the business too long to know that I as a consumer am the last to know. Lol.

It’s not like this is the first time my data has been leaked. Google, Facebook, and the many other companies I have signed up for that have gotten hacked or had data leaked.

I was more worried about access to cameras, and I do not think any of us has to worry, due to the limited time it was exposed and because only Alexa tokens were exposed. If you did have Alexa connected, there is some risk, possibly, but I am not sure, since I am unsure if the tokens exposed could give camera access. But due to the time frame, I seriously doubt anyone gained access to the cameras, which is my main worry.

2 Likes

Thanks for the continued, thoughtful posts.

You and I are less concerned, perhaps, in part due to our understanding of IT (I presume you too are in the industry).

For all the lay users out there, many will hear “data breach/leak” and be very worried, and potentially upset at the information timeline.

I agree - the real concern is “is an unauthorized user accessing my cameras”, and unless I’m mistaken, I think you and I both agree - based upon the information at-hand, and Wyze’s immediate response to proactively revoke tokens - that it is currently unlikely that our cameras are exposed.

1 Like

It wasn’t mentioned. Was the responsible employee terminated? Incompetence should be properly rewarded! Show me you are REALLY serious about taking corrective action.

MOD NOTE: Post edited to conform to the Community Guidelines

I think they were just force choked by a sith. I can neither confirm, nor deny.

1 Like

Also, to reiterate…

Wyze has, literally, MILLIONS of users. Imagine trying to constructively manage a blob like that in a potential crisis. Imagine.

I know, it’s their job, but…

They’ve done quite well thus far. Relatively openly. And fast.

6 Likes

I did not realize you had been party to internal discussions at Wyze. I thought you were merely speculating. Any comment on when the new camera with lasers is shipping? :wink:

Haha! Well, to be fair, at this point I don’t think we need an IT degree or MBA to read between the lines…

EDIT: Unfortunately, my business acumen alone doesn’t provide insights into the product pipeline. :grin:

EDIT2: The email could have included similar language to this: “…This 2FA issue was taken as a proactive step towards enhanced security, following reports of a yet-to-be proven threat to our users”.

Why do you suspect that language wasn’t included?

Forget standing outside… Google Maps has been harvesting SSIDs for about 5-6 years now… every time you use it (or one of your neighbours) it sends the “map” of SSIDs around it to help fine-tune locations… the Google Maps cars were also “busted” war driving and collecting them a few years ago… as long as it’s not sending the PSK you are fine.

2 Likes

Wyze may not have a choice in who they notify. Some states have a mandatory disclosure law when any PII is exposed… I forget which one it is, off the top of my head, but one state has PII criteria listed as “your email address”. Depending on the size as well, the local “privacy authority” would need to be notified as well. Since I’m guessing that Wyze has the lat/lon, they would need to figure out state by state (and country) each law and which ones they are required by law to disclose to the user and the local gov authority.

We are going to send an email to all affected customers but we aren’t quite done with the process so we’ll be sending it out later when we have more information. We agree that it’s important that everyone who was impacted find out but we also want to be certain that we have all of the information available and confirmed before we do so.

22 Likes

Ah, right! I had almost forgotten about the Google incident! And yup - many websites aggregate the collection of SSID from devices; not really any increased attack vector with this info.

1 Like

I’m not really worried about my SSID being public, but just curious, what was the purpose of storing the SSID in the database? The app doesn’t really need to keep the SSID after a device is set up, and the devices will need to store it locally on itself, right?

This is why she’s called Wyze(wise) Gwendolyn

@UserCustomerGwen

1 Like

We don’t disconnect a connection when it was already established. That was why raym64 can still view his camera stream. We invalidated the tokens in the cloud which means all leaked tokens can’t do any harm in the cloud.

When you exit and reconnect, it will ask you to log in.

14 Likes
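A minimal model of the behaviour described in the post above, added here as an illustration and not Wyze's code: a token checked only when a stream is opened leaves an already established stream running after revocation, while any reconnect is refused. The `StreamGateway` class, its methods, the `drop_live_sessions` option and the user and device names are all hypothetical.

```python
import secrets


class StreamGateway:
    """Hypothetical cloud gateway; tokens are validated when a stream opens."""

    def __init__(self):
        self.valid_tokens = {}  # token -> user
        self.sessions = {}      # session id -> (token, user, device)

    def login(self, user):
        token = secrets.token_hex(16)
        self.valid_tokens[token] = user
        return token

    def open_stream(self, token, device):
        user = self.valid_tokens.get(token)
        if user is None:
            raise PermissionError("token revoked or unknown: log in again")
        sid = secrets.token_hex(8)
        self.sessions[sid] = (token, user, device)
        return sid

    def revoke(self, token, drop_live_sessions=False):
        # Cloud-side invalidation: the token can no longer open anything.
        self.valid_tokens.pop(token, None)
        if drop_live_sessions:
            # Stricter variant: also tear down streams opened with that token.
            stale = [s for s, (t, _, _) in self.sessions.items() if t == token]
            for sid in stale:
                del self.sessions[sid]

    def active_streams(self, user):
        # Per-user view of which devices currently hold a stream.
        return sorted(d for _, u, d in self.sessions.values() if u == user)


def demo(drop_live_sessions):
    gw = StreamGateway()
    token = gw.login("alice")        # constructed sample user
    gw.open_stream(token, "phone")   # stream established before the revocation
    gw.revoke(token, drop_live_sessions)
    try:
        gw.open_stream(token, "laptop")
        reconnect_ok = True
    except PermissionError:
        reconnect_ok = False
    return gw.active_streams("alice"), reconnect_ok
```
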

This is what I thought as well, thanks for posting this. I do think there should be a way for us as consumers to stop all streams, or possibly see which devices are running a stream. That’d be nice. Also an alert if a new device is streaming. That would be even better!!!

Thanks guys!

5 Likes

Well I believe in WyzeGwendolyn and the rest of the team. I do honestly believe that they have our best interest at heart and they try their best. So much so that I placed an order yesterday.

@UserCustomerGwen

1 Like

They really seem to care about their users at Wyze. I only have V2s and Sense items but all of them are better and have gained more functionality than when I first purchased them. I was already satisfied with the initial product but more features keep getting added at no additional cost to me. I can’t think of too many things that I have purchased over the years that gain more value as they age. Keep up the good work Wyze!

3 Likes