I don’t believe they have access to anything in your Alexa. It was the other way, Alexa could talk to Wyze. Furthermore the tokens used for that link were nullified and you had to re link them. Wyze can’t control my Alexa. So far I have yet to see hard evidence of anything other than some data leak. No passwords. All tokens leaked have been reset. Other data breaches have leaked names, emails, addresses, and so on. I don’t think there is an ongoing issue with access to our cameras. My one concern is if they want to avoid the appearance of China ties, why have any production cameras talk to anything outside of the USA. Host everything here.
I have read those articles and truly see not proof, as for responding I did respond, I changed my password and logged back in. I for one will keep using all my products and continue to buy more.
What I find very interesting about the data breach is the population of customers who can’t divorce their love of Wyze (which is seemingly a bit much for a company that makes electronics) from the fact that Wyze did have lax security protocols that led to a leak of data. It isn’t a binary choice. You can enjoy the products of a company but also criticize them; it’s not all or nothing.
When I put internet-connected cameras in my house, I have no presumption of privacy. It’s like email at work; I assume that everything is being (or can be) viewed by someone at sometime. I am glad that info like my SSN or other financial data was not leaked - it was simply data that is fairly insignificant (but should not have been leaked).
I am pretty disappointed that people here seem to have issues with IPVM or other websites/press for reporting this (the idea that they are “out to get” Wyze, or other conspiracy-type theories). We should be thanking them for bring this to light. It is beyond me why there is a population of people who continue to blame the press and others that are reporting on this, rather than directing their ire towards the people who caused this whole situation to occur (Wyze). You can take issue with how it was reported, or for not following best-practice for reporting on these things, but at the end of the day, we would may not have ever known about this if it wasn’t for them. Again, it’s not all or nothing.
Blaming things on an employee is pretty weak - if you are willing to take credit for when things are going well, you can’t blame others when they aren’t. I will continue to purchase Wyze products simply because they are inexpensive, work fairly well, and have good customer support. Not because I have some emotional connection to them.
2 Likes
I have no problem saying that Wyze messed up. They did. It was irresponsible. They obviously didn’t have sufficient security protocols in place. But I’ve also seen enough about the way they conduct themselves that I have faith they’ll fix it and won’t repeat similar mistakes moving forward.
I do have issues with the way the guy from 12Security conducted himself. (IPVM less so, because they were merely reporting on something 12Security had already made public.) I have no issue with the press. I have issues with the grey-hat hacker. He intentionally forewent responsible disclosure, so that Wyze only heard about it from a third party, (IPVM) with no advance notice. That, frankly, is the behavior of someone trying to sabotage them. That’s not a conspiracy theory. Every post on his website is filled with xenophobia. He accused them of spying for the Chinese government. Now that sounds like a conspiracy theory to me.
2 Likes
I suppose there may be some who behave as you indicated but I honestly believe most of us are realistic enough to be disappointed in Wyze for allowing the leak to occur but at the same time really concerned by IPVM’s response and so called TwelveSecuritys handling of it. Then we cross into the twilight zone with some of 12Secs postings accusing Wyze of espionage and accusing Credit Karma of hosting porn etc.
Yep I am grateful the unsecured database was found, by whomever found it. No I don’t give this airhead any credence at all based solely on his/hers/it’s other postings. Thank them for finding it, not terribly happy with how they handled it.
I don’t downplay Wyze’s very real failure to take proper precautions and security with our data. Not cool at all. And that failing is squarely on their shoulders. Based on how they have responded so far I am willing to continue to use their products.
But because I unfortunately assume all IT vendors will drop the ball, I take precautions and I constantly evaluate the risk/reward ratio. If it gets too risky I will go elsewhere and hope for the best. In the meantime I work with a consumer lobbying group to get laws with teeth passed to force companies to take better care of our data.
Now with all of that being said, I am very happy with the company on balance. I think their response so far is head and shoulders above most companies that have had far worse breaches. They have consistently provided value I perceive as more than I paid for. They are so far doing most, not all, things fairly well.
Now if for instance this happens again, or they don’t improve their handling of security such as a better 2FA system and the ability to change our email address and SSID without having to reset every device, then I will probably leave and find another product line.
But for now I am ready to give them the benefit of the doubt. But that buffoon at TwelveSecurity I would not give the time of day.
3 Likes
I have no issue saying WYZE messed up, do I like their products, yes. Will I continue to use their products, right now, yes. My only blame to the ‘media’ is the way it was initially reported without giving WYZE notice to lock things down. That causes more harm than good and actually causes more exposure, then there have also been items I feel that have not been proven yet.
I don’t think they were completely placing blame on an employee. WYZE did say that they ‘as a company’ let us ‘as users’ down. They were being open as to how it happened because there would have been many people wanting to know how something like this happened.
I do not work for WYZE, I am a user just like you, I just volunteer my time to help others out on here. WYZE messed up, but I am not giving up on them, I hope this will make them stronger and more secure. They may prove me wrong, but as for know I will continue as I have been.
3 Likes