[Updated 02-13-20] Data leak 12-26-2019

It is just going to take a few hours for the service to get caught back up

YES> Google Authenticator app pls.

2 Likes

Someone needs to work on reading comprehension. The 2FA system is overloaded because everyone is logging back in at once. It’ll clear up.

Nobody cares to change your phone number. They’re not that bored.

The 2FA in that article is different from the 2FA Wyze is using with the app. There are different types of 2FA.

1 Like

Annoying. I tried checking some alerts earlier , about 2 hours before making this post, and found that the app had logged me out. I tried logging back in and it didn’t accept my password. I reset it and waited for the 2FA text but it never came. I hit “resend code” and it said “invalid number entered.” I didn’t enter any number because I never got the code.

I tried again a couple of times and am now just getting a message that says “too many attempts, try again later.”

I finally got home and always turn my cameras off when I’m home but I have ZERO control over my cameras right now, I can’t see any alerts, and can’t turn the cameras off. I had to physically unplug the cameras.

Not good Wyze.

MOD NOTE: Post edited to conform to the Community Guidelines

Unless I’m missing something, sniffing requires both physical proximity to the target and specialized hardware/software to sniff SMS (Stingray, downgrade attack, etc). Social engineering can potentially affect any target from anywhere with nothing more than the street someone grew up on and the last 4 of social (an oversimplification, of course, but it gets the point across). Sure, carriers ask security questions, but people aren’t always creative and choose something that isn’t actually what the question asks.

1 Like

Just in case you didn’t get it or you haven’t read your email here is the
Info email wyze sent out

Hey Friends!

We’re seeing multiple reports of failed login attempts with 2-factor authentication. If you recently tried to login to your Wyze account and the login attempt failed, hang tight! Our 2-factor authentication servers have been overloaded by requests and we will likely need a few hours to catch up. We have all hands on deck working to resolve this issue.

Also, if you linked your Wyze account with Alexa, Google Assistant, or IFTTT, please re-link the services.

We’ll get your Wyze account back up and running ASAP! We’re so sorry about this!

Wyze

2 Likes

If you think social engineering is the faster and easier way, then that is your opinion.

The point is it does not matter what kind of 2FA is being used. The proper way to secure your account is make sure that password need to be changed on a frequent basis.

I too am getting the same errors as others have posted about. It is a bit frustrating, however, I do trust that Wyze is doing everything in their power to resolve this issue.

@WyzeDongsheng , I’ve been with you from almost the beginning, and I will continue to be a loyal customer. Thank you for always being so transparent. Keep up the good work.

1 Like

I did not receive any emails from Wyze.

Now when I try to log in it just says “Invalid Number Entered.” I didn’t enter any number.

In addition to any security issues, the login system seems to be broken too.

Can someone please tell me how I can control my cameras?

I was able to delete Wyze out of Alexa and then re-add it but Alexa will not run any of the Wyze devices

Wouldn’t it be less a load on ur local servers for OTP type 2FA instead SMS? Since the code is generated on a app on the users phone and not some SMS sever thing? OTP is far more secure anyway (separate topic i know).

I can control things via GA atm, but the WYZE app is still not functional.

2 Likes

yea i have not gotten any emails nor my folks account.
U cant control anything most likely until u can log into the app.
Try again tommorw.

Hmm, I’m not sure. Maybe try it again? I did it, and it worked fine for me. Did you follow these directions?

1 Like

Yep I’m new to Alexa so I actually had an Alexa or excuse me an Amazon rep walk me through it and it did not work.

The email seems to be slowly making its way, I got it a minute or two ago. The ‘invalid number’ error should be resolved by letting the service get caught up.

Actually, now and days we tend to recommend against changing passwords frequently, as most people have a natural tendency to either 1) reuse passwords across different accounts, and/or 2) turn “s@fep@55word” into “s@fep@55word2”, “s@fep@55word3”, etc…

Simply recycling old passwords or appending a single character to an existing password does not harden password entropy.

Today’s best guidance is to 1) use unique, 2) complex passwords (12+ characters, including alphanumeric and special characters) for every single account you have.

EDIT: typo

EDIT 2: Actually, social engineering is regarded as the number 1 way of gaining unauthorized access, and many enterprise organizations use phishing education (eg KnowBe4) to educate their user base. Without a doubt, end-users are the weakest link in the chain. Someone “sniffing packet data”, setting up stingrays, etc… tend to be targeted attacks and require much more sophistication to execute successfully.

6 Likes

I just tried again and it is working

1 Like

Excellent. Glad to hear it! :slight_smile:

1 Like

I agree.

That is not Wyze’s responsibility.

I would also suggest from wyze to provide different 2FA service options.

1 Like