Wyze Labs is popularly known for offering budget-friendly connected smart home security cameras. The company has reported that the information of 2.4 million customers has been exposed to the public. The information includes camera names, user profile photos, nick names, email addresses of users, WiFi router names, Alexa integration tokens, and health information like gender, height, weight, bone mass, bone density, and daily protein intakes of some users.
The breach does not include sensitive information like users’ passwords, cloud storage or any other financial data. The breach affects only those users that have created their accounts before December 26, 2019. The breach was first reported by the Texas-based security consulting firm, Twelve Security.
Wyze claims that an employee error has led led to the massive data leak. To address the security, the company has added more protection levels to their databases. Even the a token refresh has been pushed to all users, and they are forced to re-integrate Alexa, IFTTT, and Google Assistant.
Dongsheng Song, Cofounder and Chief Product Officer of Wyze Labs wrote, “Thank you for your patience as we work through this process. We have been reading through everyone’s comments and are continuing to work together on methods to improve our security and ensure that similar occurrences never happen again.”
The incident has highlighted the fact that most IoT vendors don’t priorities privacy or security due to the price point. The consumers who buy these products only care about the cheap technology. It is important for these companies to not compromise on security to keep the costs down.