Wyze smart home cameras easily hackable; data of 2.4 million customers leaked

The use of Internet of Things (IoT) devices not only poses a cybersecurity risk that could compromise networks and other Internet-connected devices, as sometimes information collected by developer companies is not properly stored.

This is the case of Wyze Labs, manufacturer of cameras and other devices with an Internet connection, as the company has just confirmed that the databases that store the information of millions of its users were exposed on the public Internet.

Founded by three former Amazon employees, Wyze manufactures smart devices with sales prices of $20 USD on average, options much more accessible than those manufactured by major tech companies.

A first incident occurred between December 4 and 26, period during which a database containing the email addresses of millions of Wyze Labs device administrators was exposed, in addition to this, there were also exposed the email addresses of people authorized to access camera feed, a list of devices per home and smartphone access tokens.

The incident was revealed on December 26 by cybersecurity firm Twelve Security and subsequently confirmed by Wyze Labs. Those in charge of the report say that around 2.5 million records were stored in the exposed database; on the other hand, the manufacturer ensures that the passwords and financial data of the users are completely secured.

As a security measure, Wyze forced the logout of all of his clients’ accounts, as well as prompting them to log in again to generate new access tokens.

As if that wasn’t enough, this weekend Wyze revealed that the cybersecurity firm had detected a second exposed database; although no further details have been revealed for now, the company says that financial details or access keys were also not compromised either.

Every day more and more households around the world are resorting to the use of smart cameras and other similar devices, the bad news for users and manufacturers is that it has also significantly increased the number of hacking incidents of these devices. Over the past month, at least four families in the U.S. reported malicious activity through security cameras and smart doorbells manufactured by IoT device company Ring.

Although Ring argues that these incidents are largely due to user habits and data breaches on other platforms, experts from the International Institute of Cyber Security (IICS) ensure that the company, owned by Amazon, has also failed to design and protect its products, so ring rings Ring in the first step to improving the safety of these devices.