Skip to main content

Wyze User Information Leaked Include Emails And Other Data

By January 21, 2020May 9th, 2022Cybersecurity

Wyze is one of the many manufacturers of consumer-grade smart devices. They recently confirmed that user data belonging to nearly two and a half million of its customers was exposed. The root cause of the exposure was traced back to an unsecured database connected for nearly a month to an Elasticsearch cluster. This was during a period of time spanning December 4th to December 26th, 2019.

The company did not discover the database on their own. Rather, they were following a tip given to them by a reporter. This was following the developments of security researchers operating out of a company called Twelve Security, who initially discovered the database.The reporter published the article he was writing after contacting the company, but apparently, not in coordination with them.

Having been alerted to the problem, the company took swift action, but in this case, perhaps it was too swift. According to Dongsheng Song, one of the co-founders of the company and its current Chief Product Officer:

“We locked down the database in question before we were able to verify it was exposed. We did this as a precaution because the published article referenced a database connected to ‘Elasticsearch’: a search tool that we also used on our query database.”

As to impacts, it has been confirmed that the database in question contained WiFi SSIDs, customer email addresses and smart device nicknames,.It did not contain passwords or any financial information, so although it’s a serious issue, it’s not as bad as it could have been.

Song also noted in a blog post on the matter that “there is no evidence that API tokens for iOS and Android were exposed, but we decided to refresh them as we started our investigation as a precautionary measure.”

In a nutshell, the handling of this incident was botched and uneven, but it could have been much, much worse. Wyze dodged a bullet, as did the company’s customers.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.