Our teams have been very hard at work all weekend and I wanted to provide a quick update about what we’ve uncovered about the security event that happened on Friday, though you’ve likely already seen communication from our teams in other places. We have sent out official notifications to all users whether you were affected or not. You can see the emails we sent here:
We had a caching issue from a third-party caching client library that was recently integrated into our system. It got overloaded after the outage Friday morning and got wires crossed while trying to come back online.
Here’s the high level stats.
About 13,000 users received thumbnails from cameras that were not their own. 1,504 tapped on those thumbnails. Most of these taps enlarged the image, but we found a few cases with things like Cam Plus Lite and sound detection events where the thumbnail was attached to an event video and the video was viewed. Videos from live streams were not affected. Overall, this event affected a little less than 0.25% of Wyze users, including users who received thumbnails and users who had their thumbnails sent to a different account.
As I mentioned in my other posts, our engineering team has added a new layer of verification between users and event videos to prevent this from happening again. We’ve also removed the client library and will not be using caching until we can find a new client library and stress test it for extreme scenarios like we saw on Friday.
This investigation is not wrapped up yet, we will continue to discuss as a leadership team and evaluate what needs to change to better protect our users. I do want to thank everyone who has helped us with reports and logs to properly identify the issue and the affected users. This has been an incredibly stressful weekend for all and we are grateful for your help and so sorry that this happened.
Thanks for the transparency on the issue and of course the fix. Most companies would bury the issue and leave people wondering. Your explaination lends confidence. Stuff breaks and you have the right idea to fix and explain.
The “letter” is BS. I’m still having problems with it either going live or saying is connecting. It stops playing when u do click on an event so u have to hit pause and play again then it plays just to have it keep happening. None of this was a problem before last week. It’s now Tuesday 20 February 2024. They also said in their email that there was extra verification and that users would have have to sign back in blah blah blah… we have not had to do anything. So there is no extra security or anything different?! This is crazy! We have way too many cameras with wyze to have to be worried about security that’s what they are supposed to do for us! I’m sure everyone got same email saying their account was affected and how they were sorry and will do better?! Definitely not happy and very discouraged.
I don’t know what Wyze is doing on their end, but it seems some cameras take a long time to get online. I have an old V2 that took a week. I have a Pan Cam V3 that hasn’t connected until today, from the last service outage. I left both powered up during that time.
Ok, so this morning 21st, I updated the Wyze app on my tablet and my tablet is now able to connect. However, I still have one SECURITY camera at my Vacation home in the Sierra Nevada Mountains that is 3.5 hours away that is offline and will not recover (oh and it’s snowing like crazy so what now … drive 200miles ??? )
I have 25 cameras offline. I can’t begin to tell you how excited I am to have to deal with this, AGAIN. Seems to be a regular occurrence. WYZE needs to fix this already!
I have also been able to see all the Device information on that app for cameras that were off line. Gear top right to open settings > Device info which will show all you need to see.
This works on replacement, but why will the sense not reconnect on its own. Both hubs I have do not reconnect after power outage and I have to manually reset or delete and add back as a new device. Not right. I have both hubs hardwired ethernet, my router is perfectly fine and everything else reconnect so the issue is not there its the hub. Supports answer is to reset or delete and re add as new device and if that fails send out a replacement that does the exact same thing. How can they deem this a “security system” with such a flagrant fault
The actual video data does go straight between the camera and your phone, but the wyze servers are required for authentication and to help organize this connection.
My cameras still aren’t working properly, has the system been fixed yet? This seriously is ridiculous I never had these issues with my previous camera company wyze should be replacing these cameras… This too much is they crediting our accounts for February
Let’s submit this in Fix-it-Friday next week. I have been reading a lot of posts from people lately that the hubs are not reconnecting without a power cycle. They didn’t used to need this very often, but some of us are seeing it regularly now for some reason. I’ll flag a reminder for Friday.
but, hey give them some time. Rome was not built in a day 
