US-based smart home technology company Wyze Labs Inc. has confirmed the leakage of databases of its millions of customers.
The leak was first reported by Twelve Security, a cybersecurity firm, which claimed that personal information of 2.4 million users was exposed to the public as “both the company’s (Wyze’s) production databases were left entirely open to the internet.”
Reports showed that the user names and email addresses of the customers and those who were given permission to view the camera feeds were open for public view. The data also allegedly included a list of home cameras and tokens used for smartphones.
On the following day, Wyze Co-founder Dongsheng Song confirmed the data breach in a blog post but he insisted that not a single password or financial statement was disclosed in the involved databases.
The Co-founder explained that an employee copied data into a new database and did not carry over the original database’s security, leaving the user information exposed from Dec. 4 to Dec. 26.
In relation to the original data leak, Song said they are working on email notification and have logged out their customers and obliged them to re-login to fix it.
“We’ve always taken security very seriously, and we’re devastated that we let our users down like this,” Song said in the blog post.
Wyze Labs Inc., a brainchild of three former Amazon employees in 2017, specializes in affordable and easy-to-use smart home products including cameras and gadgets.