[Updated 02-13-20] Data leak 12-26-2019

I haven’t seen the moderators delete any comments unless they devolved into name-calling and things like that. Sometimes they’ll redirect comments into the proper threads to keep things organized, but that’s not the same thing. Comments like yours are perfectly fine.

3 Likes

Looks like someone is doing a hit job on Wyze (regardless of the reasons or validity) so there went most communications from Wyze to users. Suspect everything will have to be said very carefully from this point forward (and will take forever to release statements)

Maybe they should hire a PR firm as well as a good Security Consulting company…

2 Likes

“Song showed his dissatisfaction with how the two parties, Twelve Security and IPVM, handled the data leak disclosure, giving Wyze only 14 minutes to fix the leak before going public with their findings.”

Imagine the dissatisfaction of a Wyze user learning about this security breach in the news. If this was exposed on 12/26, why—on 12/29—hasn’t there been a single email from Wyze to users about this breach??

2 Likes

This is disappointing.
I had faith in this company, being small and a startup.
:frowning:

It was reported on 12/26 with no advance notice to Wyze. (Which is a very shady way for a “security firm” to behave) Wyze wasn’t able to verify it until the following day, the 27th. They’ve posted several updates since then, and they’re still fact-finding. They’ve already said that they’re planning an email. I expect you’ll see one very soon.

2 Likes

Welcome to the community!!

yea, it is very sad the events that have unfolded here. Wyze will be sending out an email soon.

The “security firm” did not submit the data in a way that is the way all other security firms submit their findings, and this has caused a confusion amongst customers because it hit the news outlets before it was supposed to, leading to the issue of timing.

If you owned a business like Wyze, and put yourself in their shoes, you may understand why the email has not been sent out as of yet.

3 Likes

This is turning out to be more and more problematic. While I’m in no position to speculate on the China allegations, the lack of proper security is very troublesome. Wyze needs to reevaluate their strategy for new products right now, and put all of their focus into a redesign of their security, properly with help from an external trusted security company, if they want to have any chance to maintain their good reputation.

They can’t use the “we are new” excuse anymore, not with the amount of customers, products and data, they have the responsibility for.

14 minutes is a lifetime in the cyber world!
We are not technology-illiterate people.
Stop outsourcing security to off-shore and hire American!

A friend sent me a MarketWatch link last night (12/29): Smart-device maker Wyze confirms data leak that could affect millions - MarketWatch
It has been updated since to state "Co-founder says no passwords or financial data were exposed".

It’s apparent that the team is working very hard to identify and resolve any customer harm.
My first instinct was to go to the Wyze homepage, NO EXPLANATION found.
I then found this forum thread: you are here: [Updated 02-13-20] Data leak 12-26-2019
This morning I received a “Welcome to Wyze.com!” from store@wyze.com but NO EXPLANATION.

The absence of a homepage link to this thread and the absence of an e-mail blast to users creates the impression of something to hide in our conspiracy-theory-driven world. PLEASE be even more forthcoming and err on the side of over-communication.

I purchased my WyzeCams for secure (encrypted) cloud storage. Does this breach tell me that the keys to the secure video storage are NOT secure?

Nevertheless, I am comfortable while awaiting a fully informed response from the Wyze team. My setup:

  • 2FA enabled
  • Separate IoT SSID for Wyze Cameras
  • No WyzeCams in living spaces

oh, yeah, I changed my password too. 'cause you know, paranoid. (it couldn’t hurt)

1 Like

I will still support Wyze because I hate big companies especially telecoms etc, with their death grip monopoly on everything.
You walk into a grocery aisle and you have the option of 500 cereals but want to get health insurance and there are just 2 or 3.
PS: the 500 cereal choices is just an illusion - 99% are owned by 1 company.
That’s your stupid laissez-faire for you.

I suggest you do some more reading. That particular blog post has been responded to many times. Wyze has been very forthcoming about what was exposed, how it was exposed and why it was exposed. And of course what has been done to mitigate the exposure.

Have you seen the new blog post from 12Sec this morning?

Not yet, to be honest I don’t pay that particular source any attention. They did not handle anything about this in even close to a professional manner and they drew some pretty laughable conclusions.

Yep they did indeed stumble on an exposed database. But as they say even a broken clock is correct twice a day.

Seriously, read their post about Credit Karma. That’s when I realized they did not even understand how the domain naming system works. And when I decided to ignore anything else they had to say.

2 Likes

Excellent Wyze :clap:t3::clap:t3: Stellar way to conduct business, only question is WHY?!
Sincerely, pissed off!

OH and don’t come AT me for this, contact Apple.

If you ever get an answer to the why question please share. I have the same question for @700 odd companies that have had serious breaches in the last two years.

3 Likes

Yea!!! I’m pissed too. Why did Twitter, Facebook, Home Depot, Target, and all these other companies I use do this?

It seems to me everyone is wanting to just give my information to the public without asking me first. Or let those hackers get in and take my information.

/s

I just found out about this data breach. It is major. I immediately went to the Wyze website and then to this forum looking for a statement from Wyze. I have not found any comment from them. They owe us all at least details of the breach and an apology and reassurance that corrective measures have been taken to prevent such events in the future. Here is an interesting statement from a third party security consulting firm. Wyze Essay 1 - Your information is exposed.

I don’t think they want to GIVE your information, they are probably selling it. And it’s likely that within the million words of legalese in the TOS you signed away the rights.

1 Like

Lol… FYI, /s at the end of my post means I’m being sarcastic

:smile::smile::stuck_out_tongue_closed_eyes:

Edit: maybe you’re being funny too though, but you are right :slight_smile:

1 Like

That’s fair. They certainly did not handle disclosure properly - at all.

Yeah, their reputation is pretty much non-existent, but it’s worth giving a read. I don’t want to give them any sort of validation, but they are making some additionally concerning claims today.

1 Like