[Updated 02-13-20] Data leak 12-26-2019

I couldn’t agree more, the WYZE team is great and the Mods and Mavens they have assembled are very knowledgeable, friendly and helpful

The Wyze email of 12.31.19 6.08 AM mentions that “WiFi router names” could have been compromised. Should those names be modified, or should the network name be modified? Or both?

Thanks.

No, it’s not necessary. Your router name (SSID) is broadcast anyway and is visible by anyone within range of your WiFi such as neighbors, people driving by, etc. Even if you have it hidden, it’s not truly hidden. Since the passwords were not in the database, there should be no loss of security for your router.

It’s your decision, but I don’t see any compelling reason to change that, especially if you already broadcast your SSID publicly like most people do.

I agree with the two previous answers. Every once in a while my neighbors Wi-Fi pops up as a choice for me but it’s locked so I can’t use it but I can see it

01-06-20 Update

Hi everyone,

We have completed the initial steps of the internal investigation and are continuing through the process. We wanted to fill you in on what we’re doing in response to the data leak.

Data security will be our top priority over the next few months. Because of that, we will be adjusting our previously expected feature and product roadmap. Here are tasks we are working on internally with the goal of completion over the next few months:

• Independent cyber investigation (investigating how this leak occurred)
• Security assessments and audits by 3rd party security companies (validating our security and privacy environments)
• Penetration tests by independent security companies (authorized simulated cyber attacks to evaluate the effectiveness of our security system)
• Revisiting security settings for each Wyze server
• Reviewing our internal security policies and practices
• Improving security processes, tools, and training across Wyze

This is the beginning of our checklist that we are going to be accountable for and we are open to feedback for items to add to this list.

We are also adding multiple public-facing features that will improve security for our customers in the coming months. We’re in the beginning stages of research for some of these and several will likely take significant changes to our back-end systems. This makes it difficult to give estimated timelines for these high-priority projects. We are continuing to take note of all of the security features you are requesting in the comments and in our Wishlist. Here is the list of features we have prioritized and started researching right now:

• Adding the ability to change account email addresses
• Other methods for multi-factor authentication besides SMS (including an authenticator app)
• Multi-factor authentication to Wyze websites
• Adding a website that will make learning about Wyze security easier and provide a dedicated channel for reporting any potential issues

We welcome further suggestions through the Wishlist. We’ll evaluate this feedback in concert with the recommendations from the security companies we are working with. Our goal is to take steps in the correct order to improve your security.

Thank you for all of your comments so far and we’ll add another update when we have more to report.

Moderator Note: The #wishlist topics for the first three bullet points above can be found at the following links. Please vote and/or comment there.

Ability to Change Email Address
Add authenticator app(s) for 2 Factor Authentication (2FA)
Two-Factor Authentication (2FA) for Wyze Web Account

This is all awesome to hear! And it represents a lot of work, time, and effort from Wyze towards protecting our security and privacy collectively. Thank you and the rest of the team for continuing the great Wyze tradition of keeping your users (me) informed.

I am terribly sorry this happened but glad to see the reaction it got. Both from the majority of the user community as well as Wyze itself.

I think the list of what’s coming contained my personal top 3 or 4 and I am sure others will share any missed items.

You’re welcome, Robert! I shared your feedback with the team. We appreciate your support and the time you’ve taken to discuss these topics with us.

Thanks for the security update. I think it’s a very good list of actions and priorities.

We appreciate you letting us know! Thanks, Plaidsky.

Once again you have not let us down. Wyze is setting the standard that other companies need to start to follow. Thank you to the entire team and we appreciate what must’ve been a Herculean effort.

With all those cameras mounted throughout Wyze Central you might could mash together an awesome time lapse of the activity flurry that yielded such calm and measured updates.

Hah! Well, a lot of it happened when parts of the team were traveling or out of the office so it would probably be a little more boring than one would expect.

Thanks a million for the update Dongsheng & Gwen, those would be a proportionate response to this incident.

What a lousy Christmas this must have been, thank you for working hard to retain and restore our trust.

I would assume, given this predicament, that the early January EA release of the Wyze Lock will also be put on hold? Might there be any timeframe for its shipping? I understand that you might want to get the fundamentals right in terms of security before introducing any new devices into the mix. If you can offer some clarity on that it would be appreciated.

Thanks once again, and Happy New Year!

Brian

You’re welcome, Brian.

The EA orders for Wyze Lock are still shipping out this week. Though timelines for launching/shipping other products that were in the works are being discussed and may be adjusted to accommodate the security feature development.

Happy New Year!

Regular orders are shipping out quick. I’ve placed two orders since the incident and they are both shipped rather quickly. So kudos to the team for keeping up on getting orders out and keeping customers happy. Can’t wait for my next shipment should be here in a few days!

You guys are amazing!

Thank you for the update, this is all awesome to hear. I just wanted to confirm since this update didn’t mention it, but based on your investigation you haven’t found any other data that could have been leaked other that what was confirmed in your previous posts?

Thanks for the great work and responsiveness through this ordeal!