Wyze confirms server leakage that exposed details of 2.4 million customers

Wyze is a smart device selling devices like security cameras, smart plugs, smart lightbulbs, and smart door locks. The company has confirmed the server leak that has exposed roughly the details of 2.4 million customers.

The Twelve Security that is a cybersecurity consulting firm was the first one to discover and document the server leak in the Wyze. The leak occurred in Wyze when the internal database was accidentally exposed online.

The company has confirmed that the current server leakage has exposed details such as the email addresses customers used to create Wyze accounts, nicknames users assigned to their Wyze security cameras, WiFi network SSID identifiers, and, for 24,000 users, Alexa tokens to connect Wyze devices to Alexa devices. With all these personal details the hackers could also personally blackmail the victims. The data leak was first informed on December 26. When the company took an initiative for a new internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc the leakage issue raised. Though Wyze has confirmed the leakage issue they have also informed that they do not collect information regarding the bone density and daily protein intake even from the products that are currently in beta testing.

As a solution to the leakage issue, the Wyze has decided to forcibly log out all Wyze users out of their accounts and unliked all third-party app integrations — two steps that will generate new Wyze API tokens and Alexa tokens once users re-login and re-link Alexa devices to Wyze accounts