I think Wyze should live up to a higher standard than “Most businesses” since they chose one of their core values to be “Be Friends with users.” Nobody forced that on them. But when you adopt and proclaim your core values, you must live up to them to a high standard.
I am not going to say Wyze did everything wrong here either. They did A LOT right. However, there is still more they should do to live up to their own standards.
Yes, they did react fast (3 times faster than Steam when they had the same caching problem), and they fixed it fast and brought it back online, and they publicly told us the problem (it was a caching issue, which tells us pretty much everything…the website was accidentally switched by someone to use a global cache instead of individual cache, so it kept distributing the new global cache to everyone, but didn’t allow streaming access…what else does anyone really need to know? That pretty much explains it all), and they implemented some new safe guards to prevent similar problems, and they told us it was limited to 10 people and they contacted everyone affected all directly…but they didn’t do an email or anything yet.
To be fair, they have said they haven’t finished their investigation yet, so they haven’t really made their final announcement because they want to wait until their facts are all complete. And that’s reasonable TBH, BUT it’s been 10 days, you shouldn’t wait that long if you’re “friends with users.”
Wirecutter’s demands:
- Reach out to customers as soon as possible: Send an email to all customers, send push notifications in the app, put out a press release, broadcast in the Wyze Communities online forum.
- Describe the issue in detail and state precisely who was affected (and who wasn’t).
- Explain specifically what steps are being taken to aid affected customers and what if any actions the customer needs to take on their own.
- Follow-up with customers to let them know the issue has been resolved.
I think Wyze has actually already done everything Wirecutter is asking for except for emailing everyone and sending a press release. I’m personally not convinced a press-release was needed for something that only affected 10 users, but their hands are basically tied now. They can easily just say they hadn’t done one yet because their investigation hadn’t completed yet (they’ve been constantly saying they are still investigating, so this is probably even the truth). I think many users are just going to feel hurt and betrayed that they are first hearing about this from a NEWS article instead of hearing it from Wyze directly first (my brothers felt this way). If you’re friends with someone (as Wyze wants their core value to be), you don’t let them find out from the news, you proactively make an effort to let them know anything important going on with you recently, and you are as transparent as possible. Wyze did many things right with this issue, but they definitely have room for improvement if they want to live up to those standards they chose for themselves.
Personally, I think Wirecutter should’ve said that Wyze should commit to implement the following (whether they already do it or not):
- Conduct regular security audits and penetration tests, including with trusted, outside, 3rd party auditors.
- Partnering with leading security experts
- Investing in employee training on cybersecurity best practices (which I know they already do, but should still mention it)
I think that would go a long way for most people to know that a respected 3rd party with no potential conflict of interest is reviewing things sometimes.