[Updated 02-13-20] Data leak 12-26-2019

Yes, and then in the vast majority of cases they have issued compliance statements/warnings for those violators, not fines.

As for GDPR violations, one was to Google and accounts for 90% of all fines total for GDPR, not European fines in general. I am trying not to conflate the two issues.

It is still not clear to me whether or not Wyze is subject to GDPR, but as per my limited knowledge and the discussion previously in this thread they would not be.

2 Likes

Well then I guess I will wait. :joy:

Exactly! I used to sell mixtapes in my neighborhood back in the dark ages, you know before dirt?

I think I will Sue France because well I like the food and they used to sell some songs that sound similar.

1 Like

Course they would be.
The data comes from within the EU to Wyze. So the EU will be interested if any EU members are affected.

As Wyze has stated in this thread, they will offer support to people who have bought cams from Amazon US.

You think that the EU has not fined anyone other than MS and Google!

Internet provider 1&1 got fined £9 million for

"Insufficient protection of personal data, failing to put “sufficient technical and organizational measures” in place to protect customer data in its call centers. Violation of article 32 of GDPR "

That sounds like the Wyze data leak to me?

This is off topic, but, I don’t like 1&1. They had horrible over priced hosting and domains. They should be fined for ripping customers off.

2 Likes

I think that because they handle data from the EU (whether on purpose or inadvertently) they are handling the data and thus must comply with GDPR, but there exist caveats to this which may exclude Wyze. Hence I asked previously about this point.

No I don’t think that only Google and MS have been fined. Many have been fined, but again, of all the fines they have issued, the single $57m fine to Google is 90% of the entire sum of fines they have issued. And to reiterate most extraterritorial violations have resulted not in fines, but warnings etc.

edit: typo

Yeah, I'm out. Wyze is dead to me. This is inexcusable. Total lack of communication and shoddy security. The fact that one person can expose the entire customer DB is inexcusable. Clearly no proper audits of IT security have been performed. As soon as I get home those things are getting ripped down.

1 Like

I understand. I assume you will be no longer shopping at Walmart, Target, Wawa, Walgreens or any of the other vendors that have had far worse and larger leaks?

And it goes without saying that you have closed any social media accounts you may have had. And Google, Nest, Ring and other camera vendors that have been in the news lately?

Just curious what vendor you are going to use? It seems to me there really is not any particular secure alternative to use?

1 Like

You are comparing apples to oranges. If some people feel Wyze hasn’t lived up to their responsibility for something as private, as a camera that can record you, it’s perfectly understandable imo.

Also because others have failed, doesn’t give Wyze excuses to fail also.

2 Likes

MS and Google do business and have customers in the EU and therefore have an obligation to comply… If I take an American blender and plug it into the wall in Germany, RWE can't levy a judgment against the American blender maker for not designing the blender to work on 220/50 and starting a fire (5 second analogy, that may or may not actually apply).

1 Like

Based on everything that Wyze has communicated to us over the last 4 days, and it’s miles more than what other vendors typically do, neither passwords NOR token data has been compromised. Wyze cleared all tokens requiring re-login as a precaution.

I’m in the field, and deal with creating architectures that prevent this from happening. Did Wyze mess up? Yeah, Ideally should have never happened, but inevitably it does, to the best of companies. Is Wyze handling this well? Yeah, extremely.

Again, based on any credible information out there, no new “interesting” data about users made it out to the public and no way to access your accounts. What got out was

  • email addresses - I’m positive 100% of these accounts were already on lists of valid email addresses unless someone created a brand new email address specifically to use for Wyze in which case it really wouldn’t matter if it got out since they wouldn’t use it for anything else.
  • nicknames - Sure, maybe some people put their first name in there, but again 99% that info was already public. Unless you used your SSN as the nickname for the Wyze account, you’re safe, and even if you did use the SSN, unlikely anyone looking at it would know unless it was “SSN: 999999999”
  • camera names - Nice, now they might know that you have a “Garage”.
  • the fact that you are a Wyze user - This is in my eyes the biggest piece of data that was leaked, but I just don’t know if it really matters anymore. There is a finite list of big companies with millions of users. If you are a hacker and find a data-set of emails and passwords, you’re probably going to try them in any company you care about, so if Wyze was one of your targets you’d try all emails there and not this specific couple of million emails from a dated dump
  • some weight and other related data from a new product Wyze was testing on a very limited set of users - Not a huge deal in my eyes, people who are super concerned with that data coming out wouldn’t have bought a cloud-connected scale, especially in the alpha phase. If this was already a live product with millions of users, that data would have been probably very useful for target advertisements, and would have probably been worth something, but it wasn’t.

So overall, am I concerned? Not in the slightest; as a matter of fact I just purchased another Wyze cam 2 days ago after knowing the details of this "leak". Use strong and UNIQUE passwords, use 2FA, and don't put anything you don't want people to know on the web.

All this fuss about this "leak" is the same thing that was going around last year about Nest cam "hacking", where people reuse passwords, use them on fishy sites (or even legitimate sites, and don't change them after a leak), hackers get a hold of those passwords, and then log into your camera and scare your kids. Then people say it's still the company's fault because they don't somehow check that you reuse passwords. People need to grow up and take responsibility for their security online.

Now hey, if it does come out that more data was accessed, including passwords etc, big whoop. At that point they’ll be sure and send you an email as soon as they know, and if you did your due diligence, you would have had a unique password, and just change your password or if you want create a new account and add all the cameras again.

I don't understand people who say "oh no, I'm going to throw away these cameras and go somewhere else". Feel free if that's what you want to do, but don't let a single breach be the reason. If this becomes a norm for a company and there are multiple breaches, and you can see that the company isn't doing anything about it, sure. But if your reason is that there was a breach and now the 1 password you used everywhere is exposed and your life is turned upside down, I'm sorry, the problem is with you, not the company.

10 Likes
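The post above leans on one control: Wyze invalidated every session token as a precaution, so even if tokens had been in the exposed database they would no longer open anything. The block below is an added illustration of that mechanism and is not Wyze's code or anything described on the page beyond "all tokens were cleared". It assumes an opaque, server-side session table (the `TokenStore` class, `revoke_all`, `revoke_user` and `validate` names are all hypothetical) and shows two cut-offs a practitioner would want: a global "not issued before" timestamp for a fleet-wide revocation, and a per-user one for a password change or a single suspicious account. Tokens are stored hashed, so a copy of the table alone is not enough to replay a session.

```python
"""Session-token revocation after a suspected exposure.

Illustrative example only (not Wyze's implementation). The store keeps
opaque bearer tokens server-side, hashed, and invalidates them by
comparing the token's issue time against revocation cut-offs, which is
how "clear all tokens and force re-login" can be done without walking
and deleting every row.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    user_id: str
    issued_at: int  # seconds since the epoch, supplied by the caller


@dataclass
class TokenStore:
    # Hypothetical in-memory store; a real deployment would back this
    # with a database or cache, but the checks stay the same.
    _sessions: Dict[str, Session] = field(default_factory=dict)
    _global_not_before: int = 0                       # fleet-wide cut-off
    _user_not_before: Dict[str, int] = field(default_factory=dict)
    max_age: int = 30 * 24 * 3600                     # 30-day hard expiry

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the bearer token: a dump of this table
        # does not yield replayable credentials.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, now: int) -> str:
        token = secrets.token_urlsafe(32)            # 256 bits of entropy
        self._sessions[self._key(token)] = Session(user_id, now)
        return token

    def revoke_all(self, now: int) -> None:
        # Everything issued at or before `now` becomes invalid; no row
        # deletion needed, and the cut-off is a single value to audit.
        self._global_not_before = now

    def revoke_user(self, user_id: str, now: int) -> None:
        # Per-account cut-off, e.g. after a password change.
        self._user_not_before[user_id] = now

    def validate(self, token: str, now: int) -> Optional[str]:
        """Return the user_id the token maps to, or None if it is not valid."""
        sess = self._sessions.get(self._key(token))
        if sess is None:
            return None
        if sess.issued_at <= self._global_not_before:
            return None                               # fleet-wide revocation
        if sess.issued_at <= self._user_not_before.get(sess.user_id, -1):
            return None                               # per-user revocation
        if now - sess.issued_at > self.max_age:
            return None                               # ordinary expiry
        return sess.user_id


def demo() -> Dict[str, Optional[str]]:
    """Walk through a leak response; returns each check's outcome."""
    store = TokenStore()
    alice_old = store.issue("alice", now=1_000)
    results = {"before_revoke": store.validate(alice_old, now=1_001)}
    store.revoke_all(now=1_500)                       # "clear all tokens"
    results["after_revoke"] = store.validate(alice_old, now=1_600)
    alice_new = store.issue("alice", now=1_600)       # user logs in again
    results["after_relogin"] = store.validate(alice_new, now=1_601)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The `<=` comparisons matter: a token issued in the same second the cut-off is set must be treated as revoked, otherwise a request racing the revocation keeps a live session. Keeping the cut-off as one stored value, rather than deleting rows, also means the revocation survives a crash mid-operation and can be checked in an audit.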

Very true. And I don’t mean to imply Wyze did nothing wrong. I am honestly curious if folks will continue to do business with companies that arguably and demonstrably did more harm to their customers by far than this incident.

One of the fellows I know from work is in serious trouble because of the Target leak. He has had his identity stolen, had the bank foreclose on his house, has been in and out of court about loans and debts that were made in his name fraudulently. His out of pocket costs are nearing a half million with no end in sight.

So I am curious about the level of outrage I see from some folks and when I add perspective to the issue it just somehow feels incorrect.

If you read much there is a very tried and tested cycle these events go through. And some percentages of users react with nonchalance, some with outrage and some with indifference.

But what I am trying to understand is why study after study of these events show very few folks actually follow through on the outrage? In fact by most estimates I have seen over 95% of the “rage quit” folks actually continue using the product or service they were so upset with.

And that’s perfectly fine, both being outraged (or not) and not following through (or doing so). I am just curious about the phenomenon myself. After all the underlying issues probably won’t go away until enough people are mad enough to motivate their politicians to enact laws.

But I do notice a trend that follows these events, I assume it can be explained by psychology. People join forums like this in statistically significant numbers, post one or two “I am upset” posts and then never post again. It’s fascinating actually to watch. Go have a look at Reddit from around the time the Target leak was announced.

1 Like

Again, the cameras and streams were not leaked, breached, or exposed. The limited set of data that was exposed seems to be limited to username/email, SSID, and room name of each camera, along with limited other data. None of these would permit a bad actor access to your cameras. Wyze promptly revoked tokens once they were alerted to this issue to protect customer security. I know that people like to panic when they hear 'data breach', but a small amount of reading and due diligence makes clear that the cameras are still secure, and that nobody "broke into" camera feeds due to this.

This is not the big deal that many people seem to think it is when they see the words ‘data breach’. Please, people, review what was actually exposed and don’t just assume that all data breaches are the same.

5 Likes

Well said! Sad it needs to be said over and over. Data breaches are scary to the average consumer simply because of the unknown. So in that sense we probably can't say it enough!

1 Like

Well, according to the latest post from Twelve Security, streams could be accessed: Wyze Essay 2 - Aresflare

So we are waiting to get some clarification on those claims.

You posted to a topic that has their statement as the very first message.

2 Likes

I can buy a domain, purchase hosting from Ghost and make claims too, you know.

I'm not saying these claims shouldn't be looked into by Wyze, though; what I am saying is that 12 Security is "dead to me". :stuck_out_tongue: They should be banned from being called a "security company", since they do not do anything that security companies do. They act more as "hackers", and this to me is very alarming, especially what they are going to do with the data they got from Wyze. They will probably sell it on the dark web.

4 Likes

If so I am sure Wyze will address it.

That post seems like another hit piece. Pointing out that Chinese servers were password-protected while US ones were not? Of course: the mistake was made on a database server located in the US so that’s a trivial statement and they’re clearly twisting the truth. Trying to prove a thesis that “Wyze is Mi is Xiaomi is Hualai is Kingsoft”? Again silly. We know for example that Gwendolyn is a responsive Wyze employee, not a Xiaomi or Hualai employee. Possibly there is hardware overlap, but come on. This latest post again detracts from any credibility that 12Sec still had after the irresponsible disclosure of the exposed database.

As for viewing streams, their first proposed method in this hit piece is using tokens. To remind you, Wyze promptly revoked tokens once notified, so that vector of attack was closed immediately, well before this piece was apparently written. I don’t know why they chose to put that in here at all, given that it is no longer effective anyway, other than to continue to falsely attack Wyze.

Continuing to trust what 12Sec writes without applying thought to it seems to be a bad idea.

3 Likes