What is up with the data breach?

Read the post

It explains that as a precaution Wyze logged everyone out & forced new api keys. The login servers are being overloaded by 2 million users trying to set new password.


I was just signed out of my account… had to change my password to get back into it… Sure hope this is just a joke and not a real hack…

As a security precaution they reset all the login tokens. Further info can be found below


FWIW … regardless of Wyze actions, this still feels a bit “leaky.” I’ve disabled all my cameras, as in powered them down. Time to re-evaluate.

I don’t recall having that setup on my account and I cannot log in at this time. “Please enter a valid number” error even after resetting my password.

Info can be found below, but the cause is everyone trying to log in since the log in tokens were reset

Only you can decide what is best for you , so do what you think is best


After logging into the app, a notification of an “Important System Update” is being displayed.

Doesn’t anyone think that this is kind of fishy?
Height, Weight, Gender, Bone Density, Bone Mass, Daily Protein Intake, and other health information for a subset of users as some of the data that was exposed?

As of yet the alleged breach has not been verified. The official information can be found here

I agree, but what I’m trying to figure out is how does Wyze know how much I weigh, and how much protein I eat. Maybe I am kind of cynical, but that last line screams to me of trolling. Maybe I’m wrong. I really don’t know.

If verified to be true, I assume that would be related to hardware testers for the Wyze Scale.


@nerdland beat me to it but yes I am guessing those are items for the scale test


Hadn’t thought of that. Kind of off my radar.

Maybe I am just getting old and tired.


At least I can still turn off my lights with the Alexa app. I have no cameras but I’m not sure that I remember how to use a light switch, and I’d hate to have to ask my wife how to do that. Hoping when I get up for with on the morning all will be right in the world again.


After reading the entire IPVM post an report, this seams pretty bad and more than just alleged. They even provided screen shots the accessible data from one of their own employees as proof of the breach. I also didn’t know about the lawsuit they mentioned.

I’m pretty sure the lawsuit is from a patent troll, but I don’t think Wyze has commented on it publicly, probably based on legal advice. It’s not something that would affect customers very much.

As for the report, I think we should wait for a further update from Wyze. I don’t know any details, but it’s very unusual that a legitimate security firm or white-hat hacker wouldn’t first report it privately, so that Wyze would have the opportunity to fix the issue before an announcement was made. It’s also unusual that Wyze can’t verify a breach, if IPVM reported it to Wyze, and IPVM was able to verify it independently. That seems to imply that IPVM hasn’t shared the method with Wyze, perhaps because it doesn’t have direct access to the method, if it exists at all. But I’m just speculating.


In the article it says there is a publicly accessible Elasticsearch database. That’s very easy to verify, so if it’s true I would have expected Wyze to find and verify that right away. Since Wyze seems to be unable to verify IPVM’s claims that makes me wonder if IPVM has accurate information.


I do hope that’s the case. I’ve been an early adopter for quite some time and really like Wyze both for their products and the company and its employees.