[Updated 02-13-20] Data leak 12-26-2019

So what’s everyone think? Is it safe to presume that Wyze’ attorneys have brought suit/cease and desist against 12Sec, and that’s why we haven’t seen the long-awaited Update 5 at this point?

1 Like

Those are the ones that scare me!

Looks like I was correct.

Update 5 has been conveniently posted after my assertion yesterday, and 12Sec has basically walked-back all the espionage claims, and, get this, suggests it’s Amazon who is at fault.

Further, he’s created a new page on blogger with no mention of Wyze, and states that the old blog will remain up (yeah, of course; it’s now evidence for Wyze’ lawsuit; probably had to create the new blog so as not to alter the evidence against him in the original blog).

Clearly, he’s reading this forum. So I say to you, Dan (12Sec) - good luck defending your earlier allegations with that tinfoil hat you must be wearing. Bahahaha!

6 Likes

I hope this becomes a lesson to some out there. To be clear, I’m in no way saying to not ring the alarm when there is a problem, a leak, whatever. But there is a huge difference between providing facts and stating opinions based on those facts, and manufacturing wild theories and trying to pass them for facts.

4 Likes

Could not agree more. There are even members of this forum that should take this to heart. :wink:

4 Likes

Facts are so constraining. It’s much more fun to make up your own “facts” that way they can better fit whatever narrative you are promoting, or at least conform with the delusions you may already have.

4 Likes

It is so cheap to start an LLC. I don’t know why he didn’t do that. But, I hope Wyze can recover from the lies he posted. And next time, he should start a business right, and submit leaks through the proper channels.

4 Likes

I’m not sure if we actually really know true facts anymore. There’s so much fake crap that gets passed around that knowing the actual truth is nearly impossible to find out.

4 Likes

Yeah, best we can all do is to not aid in the spread of the bs

1 Like

Am I missing something or is he not the one that exposed WYZE’s blunder with our data? I for one am grateful that he brought this whole mess to the forefront. Yes I’m happy that some of his other outlandish claims appear to be not true. Reading some of his posts makes my head hurt. I’m not sure where all that came from? So I never took those outlandish allegations too seriously, and figured the truth would be found out by people way smarter than me. At this point I’m still waiting for those smart, unbiased people to conclude their investigations before I call this affair done.

He did indeed expose the breach. But he did so in a most unprofessional manner. Nonetheless had it stopped there he still would have been seen as doing a public service.

However he went on and followed fact with supposition. Then he went even further and basically accused Wyze of being in the secret employ of the Chinese government. Not satisfied with just that he leveled a whole slew of allegations against Wyze, China, Amazon, and about a dozen other companies and countries.

Then, not satisfied with that (or reacting to a lawsuit) he walked it all back rather abruptly and arbitrarily. Apparently now it’s all Amazon’s fault.

3 Likes

Yeah, sure, he did. But he did it with total disregard to standard/expected vulnerability disclosure processes. While we do owe him thanks for the former, it in no way justifies the latter.

1 Like

I’m not taking his side, or making any comment on his allegations. Frankly it was hard to read his ramblings. But “IMO” and at this point in time WYZE brought this upon themselves. “Unprofessional manner” is a charge that can be levied against more than the guy bringing things to light. And I’m sure WYZE is perfectly capable of defending themselves. As far as China and Amazon… well I just let that go.

There are real professionals who find holes in security, who let the company know through the correct channels, so that hackers can’t gain access while the patch is underway, and the company can get a third party company to investigate the issue, to notify customers affected by this.

This guy is not a security company. It’s a guy, who hacked and let everyone in the world know publicly because he thinks the Chinese are after everyone, or whatever propaganda he is trying to spread. He did so in an unprofessional way. MANY experts have pointed this out. Although he did find the leak that Wyze did not know about. Wyze is at fault, and it is inexcusable for Wyze to have our data out there unprotected.

I just hope we get more information about this event, out of my own curiosity. Did he get sued? Is Wyze taking action against Dan? What has Wyze done to protect our data better? Will Gohan turn super Saiyan? Will legal action be taken against Wyze due to the data leak? Why did Experian leak all my data? And etc…

2 Likes

Well as has been pointed out numerous times on this thread any competent legal representation would start by advising their client (Wyze or Dan) to not say anything more on the topic other than very calculated press releases. So apparently Dan at least does not have or feel the need for competent legal representation.

Of the dozen or so breaches I have been involved in (as in had my data exposed) only this one was I actually notified by the company that leaked. Of all the rest, well only two was I ever notified by a legal agency over 2 years after the leak. All the rest I found out like most of us did by reading in the news.

So the jury as it were is still out on Wyze. On Dan the Jury’s vote is back and it’s unanimous. He is a class 1 nutcase that stumbled on a leak and did absolutely everything he could to make it worse. His one and only tolerable act was finding the leak. After that he has descended into the tinfoil hat brigade with a vengeance and any remaining signal has been lost in the noise.

4 Likes

So you’re stating that you didn’t read about the breach, and WYZE actually contacted you first? I thought the initial criticism about WYZE was them not actually contacting people. I know I received an email from WYZE on Dec 31st… some six days after they (and I) found out.

As far as how Dan found the breach, that is an interesting question. Did he “just stumble on it” like you posted? Or was he actually searching for something… I’m not sure which is worse.

1 Like

They posted an official response on the forum in less than 24 hours, (On the day after Christmas) and acknowledged the breach in less than 48. That’s in spite of the fact that it was probably around 4 days until they had a full workforce in the office, due to the timing around the holiday and weekend. The email was sent out when you stated. I suppose some people criticized, but it seemed like a pretty quick response to me. It seemed like the proper way to balance things, in my opinion. People who found out before they sent out the email were able to find an official response.

It wouldn’t have made sense for them to actively spread the information further before they’d had time to do their due diligence to make sure they understood the full extent of the problem and ensure that all security holes had been completely patched. Once they’d been able to do that, they sent out an email to all customers.

2 Likes

No I think you missed the point I was making. Breaches involving Apple, Amazon, Microsoft and HP just to name a few went unreported to the affected users for years. Wyze acknowledged the breach and notified their users in 6 days from the time they learned of it. It took 5 of those days just to do the very minimum due diligence to confirm the breach and figure out if it was larger than reported etc. I think on balance that makes Wyze one of the very few companies that was responsive to their users.

I am not going to say anything more about Dan, feel free to draw your own conclusions based on what he has written. Being in business I had the luxury of access to very good legal folks and some top notch cyber security folks. Suffice to say their opinions heavily colored mine.

3 Likes

I didn’t really have a problem with their response. But perhaps just a general email stating that there was an issue, and that they were looking into it would have been the right way to go.

I’m guessing they have many more users who don’t frequent this forum than do. I am also guessing that many of them found out by “reading it in the news” just like rbruceporter pointed out in his post.

Perhaps. That’s a valid opinion, but I don’t personally agree with it. I think there are more reasons NOT to do that than to do it. As I said, it wouldn’t make sense for them to spread the information further before they had a chance to do their due diligence. But posting here ensured that people who had already read about it in the news had access to an official response.

2 Likes