[Updated 02-13-20] Data leak 12-26-2019

They seem to have a personal vendetta against Wyze, and any company they feel has dealings with China.

If I had time, I would look up to see if a business, with that name, was even registered in the state they say they are from.

EDIT: clarifications

2 Likes

I too agree that 12Sec does not deserve benefit of the doubt. Their disclosure of this was irresponsible. Further the exposed information has already been explained to not be in the same league as previous capital-B Breaches. Really this seems a minor leak compared to all the others that happened previously. Do people here still shop at Target? At Home Depot? Those breaches were much more serious with actual meaningful information. This lower-case b breach is minor with relatively inconsequential information.

As for an email, I imagine that Wyze is making sure they have all the facts straight and have also locked down any similar/related issues before notifying their userbase. It would be worse if they notify, then shortly thereafter have another similar issue made public. I applaud their course, being cautious while providing updates in this (public) thread to people who are keen to follow along.

4 Likes

Well, they say they’re from Texas or New Mexico, depending whether you go by their Twitter or their website. Ha.

1 Like

I understand that the Wyze team is researching and curating their response. My issue is that the Wyze team is not pushing any updates. Users must poll for updates by periodically returning to [Updated 12-29-19] Data leak 12-26-2019. I’d like to see a public plan for official daily (minimum frequency) updates rather than 200+/day rants on this thread.

… or get their health insurance from Anthem (as I did in 2015)?

Anthem medical data breach

1 Like

A few months ago in a thread I posted an email from Amazon stating that it’s up to Wyze to amend the details on Amazon’s site.
Gwendolyn asked for it.
So not a comment…a fact.

MOD NOTE: Post edited to conform to the Community Guidelines

I will wait and see as the saying goes. I have a very good friend that does this stuff very successfully for a living. He teaches for SANS Institute among others and has numerous Fortune 500 clients. Put it simply, he is still laughing. Said he would not honestly trust anything they have to say. He agreed they had legitimately found an unsecured database but a lot of what they have to say is technically not correct and they say “as I will show/see later” a lot and then never do.

Hey maybe this person will make us all look silly and expose Wyze as a front for a mainland Chinese spy ring injecting horrible malware into our home routers. But I really truly don’t think so. But as they say, never assume because… well you know the rest of that old saw.

Edit: Changed out to our.

1 Like

I was wondering why all of a sudden I started to receive junk mail on my personal e-mail account.

Wait what? I can’t change the email on my account without starting over?

Yes, at the moment it is not a user editable field. I suspect that will change soon.

Sadly … YES.

Members need to vote on this!

signed…the newbie.

Our new rules are harder than the EU had :slight_smile:

The EU are already looking to it…
“Organizations that don’t comply will face heavy penalties of up to 4 percent of their global annual revenue or €20 million, whichever is higher”

So, on 12/29 Wyze says they are working on an email notification to users, but on 12/30/2019, I still have nothing. Had to find out about this from the news and not my software and hardware vendor? WTH, Wyze? I love you guys, and you’re usually responsive, but you need to hire some InfoSec consultants NOW and get this info out to the users.

I get that no pw info was stolen, but given that token data was compromised (requiring my re-login - I should have known something was up, but that’s hard when WYZE DIDN’T TELL MOST OF US!), I would expect much quicker notifications.

I just expected more - a simple email would’ve been nice. I won’t abandon Wyze, but I certainly won’t be recommending them until they can prove their competence again. Companies can’t just ‘do what they want’ - ask Boeing…

Disappointed… GET THE NOTIFICATION OUT NOW! STOP DELAYING!!!

1 Like

Or better yet when the login was required a simple message outlining why in the popup.
With links to more info.

2 Likes

When I see a reputable news source or official E.U. source say that I will believe it. Until then I don’t give it any more credibility than I do to flat earthers.

2 Likes

They won’t say a word (other than the MEP one reported it to) till the evidence is in
and they are ready to cash in on it :slight_smile:

Same happened to MS and Google.

Imagine a government from a country you do not even do business with asking for a 20 million fine.

buys island to start government to fine companies

5 Likes

The vast majority of extraterritorial GDPR violators have not been issued fines. And 90% of the money paid came from a single fine to Google.

1 Like

As I have said. They get info in first.

Google has been fined more than once by the EU.
European fines against Google total roughly 8.2 billion euros, or $9.3 billion. Hit it where it hurts :slight_smile: