Smart-device maker Wyze confirms data leak that could affect millions

This post was originally published on this site

Wyze Labs Inc., a maker of smart-home cameras and devices, has confirmed a data leak that could affect millions of customers.

Cybersecurity company Twelve Security first reported the leak on Thursday, saying “both the company’s production databases were left entirely open to the internet,” exposing the information of around 2.4 million users. The data reportedly included user names and email addresses, WiFi network names, lists of camera names and personal health information for a small number of beta users.

Wyze co-founder Dongsheng Song confirmed the leak in a blog post Friday. “We don’t have all the answers yet,” he said.

On Sunday, Song followed up, saying the company had discovered an additional database had been left unprotected. None of the affected databases included passwords or financial information, Song said, and all of the databases have been “locked down.”

Song said the user information was left unprotected from Dec. 4 to Dec. 26, after an employee copied data into a new database and mistakenly did not carry over the original database’s security.

“We’ve always taken security very seriously, and we’re devastated that we let our users down like this,” Song said in the blog post. “We are working on an email notification to all affected customers and plan to release it in the near future.”

Seattle-based Wyze was founded in 2017 by former Amazon.com Inc. AMZN, +0.06%   employees, and has focused on inexpensive smart-home products and wireless cameras. It has raised $20 million in Series A funding, according to CrunchBase.