iTnews
  • Home
  • News
  • Technology
  • Security

Wyze accidentally exposes internal analytics database

By Staff Writer on Dec 30, 2019 9:55AM
Wyze accidentally exposes internal analytics database

Finds no evidence it was accessed by anyone.

Smart home device maker Wyze has accidentally exposed a subset of user data that it had copied across to “a more flexible database” for an internal analytics project.

The company - which is best known for its cheap security cameras, though it also manufactures other devices - said it had not been able to confirm that the exposed data had been improperly accessed.

Wyze cameras ship to Australia via third party marketplaces like Amazon and eBay.

The data was left exposed to the public internet between December 4th and December 26th.

“To help manage the extremely fast growth of Wyze, we recently initiated a new internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc,” the company said in a forum post.

“We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created. 

“However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed. 

“We are still looking into this event to figure out why and how this happened.”

Wyze said that the exposed data “did not involve any of our production data tables”, nor did it contain “user passwords or government-regulated personal or financial information”. 

“It did contain customer emails along with camera nicknames, WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations,” Wyze said.

As a precaution, the company forced all users to log back into their Wyze accounts and generate new API tokens.

It also “unlinked all third party integrations which caused users to relink integrations with Alexa, the Google Assistant, and IFTTT to regain functionality of these services”. 

“As an additional step, we are taking action to improve camera security which will cause your camera to reboot in the coming days,” it said.

Wyze apologised to users and said the incident “is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond two-factor authentication.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
analyticscameradatabaseleaksecuritywyze

Partner Content

The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
"We're seeing some good policy put in place, but that's the exception"
Partner Content "We're seeing some good policy put in place, but that's the exception"
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
By Staff Writer
Dec 30 2019
9:55AM
0 Comments

Related Articles

  • Details of another big ransomware group 'Trickbot' leak online
  • Nvidia says employee, company information leaked online after cyber attack
  • Australian Red Cross clients potentially caught up in international cyber attack
  • Moncler says key data on customers safe despite hacking incident
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Service NSW hits digital services goal two years early

Service NSW hits digital services goal two years early
SA Police ignores Adelaide council plea for facial recognition ban on CCTV

SA Police ignores Adelaide council plea for facial recognition ban on CCTV
NBN Co says TPG tie-up could help Telstra sidestep spectrum limits

NBN Co says TPG tie-up could help Telstra sidestep spectrum limits

Digital Nation

IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
The security threat of quantum computing
The security threat of quantum computing
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.