[Updated 02-13-20] Data leak 12-26-2019

And speaking of multitasking and off-topic posts, anybody noticed lately that deleting large number of events no longer times out?

It seems the old app version was doing everything on the foreground thread which often leads to timeouts. And now Wyze devs have discovered background threads.

4 Likes

That definitely is off-topic! Though I am happy to hear that has improved. :slightly_smiling_face:

1 Like

Here’s an idea.

To make up for the **** storm in the EU.

Wyze could now let us use the Alexa skill in away of saying sorry.
And to mend what’s going on at the moment.

1 Like

Would be great to get new functionality, but just want to gauge expectations a little. It isn’t like Wyze has been holding out on the EU and simply flipping a switch will let you use all the functionality. There is a lot that would need to be done in order for them to offer this, and I believe they said it is on the road map, but it is probably a ways away. Also, the thing they’ll probably be doing for the next month or two is figuring gout how to make security airtight, so I’d expect a decrease in the number of new features released for the time being, and would take that as a welcome indicator that my info is being handled with even more care than it was before.

I’d probably agree. They’ve said international support is on the long-term radar, but I wouldn’t expect this situation to expedite that. If anything, it might delay it. The only thing that might happen sooner as a result would be non-SMS 2FA. If they implemented that, that would probably enable international users to use the feature, too, but that would really just be a side effect.

Except, in this instance, you can’t update the email address on your Wyze account. While this is a very good overall suggestion, it is not compatible with Wyze.

I think a lot of people assumed I and others were advocating for an international release when we were really just advocating for better 2FA than SMS. Part of the reason I advocate for that is selfish. I travel outside the US. When I do I can’t connect to the app nor my cameras etc. Of course the other part of the reason I advocate for better 2FA is because SMS 2FA is not very secure in comparison to the alternatives.

Now on a purely personal level the availability of Wyze products internationally is not a priority as it does not affect me other than the SMS based 2FA not working when I am abroad.
I do think the international market is a good idea but I also understand it’s an involved undertaking for a company. More than one company has had to close its doors because it went international before it was ready or before it understood the complexities.

So just to clarify, US based users do travel. While we travel it would be nice to be able to use 2FA security. And that’s why I have been perceived as advocating for international expansion when all I really want is the ability to use 2FA from Singapore or the U.K.

3 Likes

If you wanted a camera that works internationally, you should just buy one.

Sorry I couldn’t help myself. BTW with my set up I can securely view my cameras anywhere. Except for the “always connected” Wyze cams which are unfortunately not part of my network anymore.

Lol nice! Unfortunately or fortunately depending on your point of view the cameras do work just fine when I am abroad. What does not work is the SMS based account security. :grin:

2 Likes

Please add 2FA for other countries as soon as possible! Preferably via a authentication app.

1 Like

There are no production Wyze servers in china.

Yes, the inability to change your Wyze email account address definitely makes it more difficult (and hopefully that feature is coming soon). In this case you would have to create a new Wyze account with the new email, then re-register all your cameras under the new account. So it’s possible, but dumping the email is really a last resort only if it’s overwhelmed by spam.

2 Likes

Ugh.
All this figures. It was only a matter of time.

So, Wyze, how are you feeling about it being too expensive to support Apple’s Homekit camera security measure? Might not have prevented all of the fallout from this, but still.

That may be the only solution, but it is easier said than done, and it will take a long time to do. I have done it in the past, and is a serious pain to get done.
BTW, Wyze maintains your old email address. I now get duplicate emails from them, to the old and new address. They said I would have to delete the Wyze account, and re-establish one with a new address.

Contact Support and ask them to delete your old account.

I have to agree with @dieter I did go through creating a new login about 6 months ago. In fact midway through the process I temporarily lost the ability to login to either account at Wyze so I had to use a third address just to let them know. Now I get 3 copies of every Wyze email. And I have asked support and been assured, twice now, that they would delete the old addresses from their mailing list.

I suspect that Wyze like many companies, uses a third party application to do their mailing. And while they have probably asked that 3rd party to remove the email address in question they have not actually done so.

This is why laws like those in EU and even California are so nice. They attach a monetary fine for each violation like that, it tends to make tech companies pay more attention. :wink:

2 Likes

Hey all… Does this “thumbnail” the thing well? Suggested additions? Corrections?
 

Alleged Wyze Wyze Notes
Servers Exposed   Yes (mult)   Yes (2)
Prod Servers Exposed   Yes (mult) No   A Prod server is “Live”
Passwords Exposed No No
Tokens Exposed All Yes   Limited #, Alexa only
Email Addr’s Exposed Yes Yes
CCards Exposed No No     None stored by Wyze
 

 
Suggested addition:

2 Likes

You stated that WiFi SSID, internal subnet layout was leaked. Does this mean my home router is compromised. How can I fix that?

No, the Wifi passwords were not in the database, just the SSID which anyone driving by you house can see anyway unless you have it hidden, but even then it’s not really hidden

2 Likes

Production data exposed: Yes - Yes (some)

1 Like