Wyze data leak may have exposed personal data of millions of users
The security camera startup blames employee error for weeks-long data leak.
Steven MusilNight Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
ExpertiseI have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Security camera startup Wyze has confirmed it suffered a data leak this month that may have left the personal information of millions of its customers exposed on the internet. No passwords or financial information were exposed, but email addresses, Wi-Fi network IDs and body metrics were left unprotected from Dec. 4 through Dec. 26, the company said Friday.
More than 2.4 million Wyze customers were affected by the leak, according to cybersecurity firm Twelve Security, which first reported on the leak
All the latest tech news delivered to your inbox. It's FREE!
The data was accidentally left exposed when it was transferred to a new database to make the data easier to query, but a company employee failed to maintain security protocols during the process, Wyze co-founder Dongsheng Song wrote in a forum post.
"We are still looking into this event to figure out why and how this happened," he wrote.
In an update Sunday, Song said Wyze discovered a second unprotected database during its investigation of the data leak. It's unclear what information was stored in this database, but Song said passwords and personal financial data weren't included.
Among the data exposed in the Wyze leak was the height, weight, gender and other health information of about 140 beta users participating in the testing of new hardware, Wyze said.
The company said there was no evidence that login tokens had been exposed but signed out all users to generate new tokens. Customers can also expect their cameras to automatically reboot in the coming days as an additional security action.
Wyze said it takes its product security seriously and will reexamine its procedures.
"This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication," Wyze said.
Wyze representatives didn't respond to a request for additional information and comment.
Watch this: California's new privacy law: Everything you need to know
Cheap Wyze Cam Pan security camera does more than most