While it's upsetting the horrible truth is that many webcams are accessible without name and password. This has been kicked around for years now.
So if folk don't secure their cameras there's little to add here.
However I am encountering folk that think it's the product maker/seller's responsibility to lock it down. And that is debatable.
I am able to see through the Amcrest camera that I no longer own into the new owners bedroom!!
I purchased the Amcrest ProHD 1080P internet security camera from Amazon in late February, 2016. Dissatisfied with the software--particularly the Motion Detection Notifications settings--I returned the camera to Amazon; they received it April 2, 2016. I deleted the App on my iPhone, and had already set the email motion detection notifications to go to my Junk mail because I was getting hammered by them.
On Friday, May 20, 2016, I noticed that I had over 1500 Junk emails. Opening the folder, I discovered that beginning April 14, 2016, to present, I was getting motion detection notifications from the camera. I was baffled--before I returned it, I wiped and reset the camera to out-of-the-box status.
Opening a notification email gave me a link to Amcrestcloud. Going there, I was able to log in, and had the option to Liveview the camera. When I did--I WAS LOOKING INTO SOMEONE ELSE'S BEDROOM! I also had access to the 4-hour loop timeline and I could control the camera (pan, etc). I was appalled. I immediately showed my wife what was going on, and she was sickened.
I shut down the access and contacted Amcrest support--they not only were baffled by what was going on, they seemed more concerned with trying to get the notifications to stop. I explained that the notifications were NOT the problem--the problem is that I can see into someone else's bedroom through the camera! They took my info and promised to call back, but nothing.
I then contacted Amazon, and in the most forceful language I put them on notice of the horrific security, privacy, and ethical issues with this product. I asked that they notify everyone who had purchased this product, and/or put a warning on their site, and/or stop selling the product until the issue is resolved. I received a more or less stock response from their customer service rep and in an email reply to an email I sent them, documenting the problem.
I cannot contact the young lady into whose bedroom I can see, and neither Amcrest nor Amazon seem concerned. I'm looking for guidance and advice. This issue needs to go big and people need to hear loud and clear about this problem. Any help or getting the word out is greatly appreciated.
I have taken screen shots of the email notifications, the email itself, and others to document the situation.
Thanks in advance.
2/9/2017 Note: edited by Forum Admin to include update and response from Amcrest directly
Attention: This is a direct response from Amcrest 2/09/2017
We at Amcrest apologize for any distress this may have caused you. Please note, this is a rare occurrence. Typically, only when third-party sellers resell returned cameras without first removing their camera settings from their cloud account may the issue arise.
Our practice is to require all our retailers to send us back all returned cameras so that we may remove the camera from the Cloud and perform a hard reset on the camera before resale. So for customers who buy Amcrest products from Amcrest authorized sellers and resellers, this should be no problem.
Note that at Amcrest, we have several measures in place to prevent this from happening including:
1. Notifying Amazon and all authorized retailers of this issue and requiring them to return all used/returned cameras to us directly so that we can remove them from the Cloud. Retailers are not authorized to resell used cameras.
2. A new firmware update which removes the camera from the cloud whenever a hard reset occurs. Thus, even if a used camera is sold to a new customer without going through our facility, the camera will be disassociated from the cloud once a hard reset is performed.
3. Latest firmware having additional security measures which require Amcrest Cloud users to also provide the username and password of their camera as well as their Cloud login to ensure the camera in their possession is the same as the camera associated with their Cloud account.
We will also require all Amcrest Cloud customers to re-authenticate their account with their camera credentials.
The security and privacy of all of our customers is our #1 priority.
We would be more than happy to address any questions or concerns you may have. Please contact us directly at firstname.lastname@example.org, as you purchased it through Amazon. The email will go directly to us and not Amazon and I promise we will do everything we can to assist you or answer any questions. Thank you for your time and understanding. We hope we were able to clear up any concerns you may have.