I too agree that 12Sec does not deserve benefit of the doubt. Their disclosure of this was irresponsible. Further the exposed information has already been explained to not be in the same league as previous capital-B Breaches. Really this seems a minor leak compared to all the others that happened previously. Do people here still shop at Target? At Home Depot? Those breaches were much more serious with actual meaningful information. This lower-case b breach is minor with relatively inconsequential information.
As for an email, I imagine that Wyze is making sure they have all the facts straight and have also locked down any similar/related issues before notifying their userbase. It would be worse if they notify, then shortly thereafter have another similar issue made public. I applaud their course, being cautious while providing updates in this (public) thread to people who are keen to follow along.
I understand that the Wyze team is researching and curating their response. My issue is that the Wyze team is not pushing any updates. Users must poll for updates by periodically returning to [Updated 12-29-19] Data leak 12-26-2019. I’d like to see a public plan for official daily (minimum frequency) updates rather than 200+/day rants on this thread.
A few months ago in a thread I posted an email from Amazon stating that it’s up to Wyze to amend the details on Amazon’s site.
Gwendolyn asked for it.
So not a comment…a fact.
I will wait and see, as the saying goes. I have a very good friend that does this stuff very successfully for a living. He teaches for SANS Institute among others and has numerous Fortune 500 clients. To put it simply, he is still laughing. Said he would not honestly trust anything they have to say. He agreed they had legitimately found an unsecured database but a lot of what they have to say is technically not correct and they say “as I will show/see later” a lot and then never do.
Hey maybe this person will make us all look silly and expose Wyze as a front for a mainland Chinese spy ring injecting horrible malware into our home routers. But I really truly don’t think so. But as they say, never assume because… well you know the rest of that old saw.
The EU are already looking into it…
“Organizations that don’t comply will face heavy penalties of up to 4 percent of their global annual revenue or €20 million, whichever is higher”
So, on 12/29 Wyze says they are working on an email notification to users, but on 12/30/2019, I still have nothing. Had to find out about this from the news and not my software and hardware vendor? WTH, Wyze? I love you guys, and you’re usually responsive, but you need to hire some InfoSec consultants NOW and get this info out to the users.
I get that no pw info was stolen, but given that token data was compromised (requiring my re-login - I should have known something was up, but that’s hard when WYZE DIDN’T TELL MOST OF US!), I would expect much quicker notifications.
I just expected more - a simple email would’ve been nice. I won’t abandon Wyze, but I certainly won’t be recommending them until they can prove their competence again. Companies can’t just ‘do what they want’ - ask Boeing…
Disappointed… GET THE NOTIFICATION OUT NOW! STOP DELAYING!!!
When I see a reputable news source or official E.U. source say that I will believe it. Until then I don’t give it any more credibility than I do to flat earthers.