Earlier today, Wyze confirmed the extent of the damage caused by a recent security breach in its system. It was reported by Wyze that on February 16th, 2024, customers were inadvertently given access to unknown camera feeds from other customers. We now know that this affected thousands of customers.
Wyze co-founder explained to The Verge last week that the team had confirmation of only 14 people who were able to see footage from other customers for a temporary amount of time. However, in just three days, they have reported the breach to have impacted over 13,000 customers.
Wyze elaborated on the issue, explaining that this was not a matter of hacking or malicious attack. Rather, a new "third-party caching client library" was added to their servers which was overwhelmed when the security team initiated a system-wide restart of all their systems. All of the devices turning back on at the same time caused some users to be paired with the wrong cameras.
Even though more than 99% of Wyze customers were not involved in the incident, thousands of people still got a glimpse into other people's homes. Further details confirmed that over 1500 customers attempted to tap on the unfamiliar thumbnails, with a few successfully getting access to the stranger's video feed.
All of Wyze's customers were contacted regardless of whether or not the security breach affected them. Alternate emails were sent to those who viewed thumbnails, those who accessed the thumbnails, as well as customers whose footage was shared with other customers. You can read the official communications in greater detail over at the Wyze website.