As Wyze Cameras are used by this blogger, the following email was sent just a few minutes ago:
Wyze Users,
There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.
We are reaching out to you because we’ve made a mistake in violation of that trust. On December 26th, we discovered information in some of our non-production databases was mistakenly made public between December 4th – December 26th. During this time, the databases were accessed by an unauthorized party.
The information did not contain passwords, personal financial data, or video content.
The information did contain Wyze nicknames, user emails, profile photos, WiFi router names, a limited number of Alexa integration tokens, and other information detailed in the link below.
If you were a user with us before we secured this information on December 26th, we regretfully write this email as a notification that some of your information was included in these databases. If you are receiving this email and joined us after December 26th, we write this email because you use our products and deserve to know how your data is being handled.
Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question, forcing all users to log in again to create new access tokens, and requiring users to reconnect Alexa, Google Assistant, and IFTTT integrations. You can read in more detail about the data leak and the actions we took at this link:
https://forums.wyzecam.com/t/updated-12-30-19-data-leak-12-26-2019
As an additional security measure, we recommend that you reset your Wyze account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. You may also add an additional level of security to your account by implementing two-factor authentication inside of the Wyze app. Finally, please be watchful for any phishing attempts. Especially watch any communications coming from Wyze and ensure they come from official @wyze.com and @wyzecam.com email addresses.
We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving communication of security guidelines to all Wyze employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cyber security firm to audit and improve our security protocols.
As we continue our investigation into what happened, we will post future updates to the forum link above. More details will follow and we appreciate your patience during this process. Please reach out with any questions or concerns to our customer support team by going to support.wyze.com.
Sincerely,
Yun Zhang
CEO @ Wyze