Wyze, a Seattle-based producer of smart home video cameras, has announced details of a data breach affecting approximately 2.4 million of its customers.
Originally discovered by security researchers at the firm Twelve Security, the company says that its customers’ personal data was left exposed on an unsecured server for over three weeks -- from December 4 to December 26. While the exposed data does not contain financial information, the company says that consumers’ email addresses, camera nicknames, and Wifi SSIDs were compromised. For certain beta users, some health information was also exposed online.
In an update on its forum made on December 29, the company says it will be notifying affected users via email and providing additional information.
“We are deeply sorry for this situation. Thank you for your patience as we work through this process. We have been reading through everyone’s comments and are continuing to work together on methods to improve our security and ensure that similar occurrences never happen again,” a company representative said.
Investigation needed.
In a post of their own, the Twelve Security researcher who discovered the unsecured server said that the magnitude of the breach was the largest they had ever encountered.
The researcher says it’s likely that the hackers responsible for the data leak have Chinese connections, as an analysis of the data showed that none of the 2.4 million records that were compromised came from within the country. They state that a response from U.S. officials is needed to get to the bottom of the issue.
“If this was intentional espionage or gross negligence, it remains a malicious action that must be answered in the form of a decisive, external, and fast investigation by US authorities,” the researchers said.