[Updated 02-13-20] Data leak 12-26-2019

Have you seen the new blog post from 12Sec this morning?

Not yet, to be honest I don’t pay that particular source any attention. They did not handle anything about this in even close to a professional manner and they drew some pretty laughable conclusions.

Yep they did indeed stumble on an exposed database. But as they say even a broken clock is correct twice a day.

Seriously, read their post about Credit Karma. That’s when I realized they did not even understand how the domain naming system works. And when I decided to ignore anything else they had to say.

2 Likes

Excellent Wyze :clap:t3::clap:t3: Stellar way to conduct business, only question is WHY?!
Sincerely, pissed off!

OH and don’t come AT me for this, contact Apple.

If you ever get an answer to the why question please share. I have the same question for @700 odd companies that have had serious breaches in the last two years.

3 Likes

Yea!!! I’m pissed too. Why did Twitter, Facebook, Home Depot, Target, and all these other companies I use do this?

It seems to me everyone is wanting to just give my information to the public without asking me first. Or let those hackers get in and take my information.

/s

I just found out about this data breach. It is major. I immediately went to the Wyze website and then to this forum looking for a statement from Wyze. I have not found any comment from them. They owe us all at least details of the breach and an apology and reassurance that corrective measures have been taken to prevent such events in the future. Here is an interesting statement from a third party security consulting firm. Wyze Essay 1 - Your information is exposed.

I don’t think they want to GIVE your information, they are probably selling it. And it’s likely that within the million words of legalese in the TOS you signed away the rights.

1 Like

Lol… FYI, /s at the end of my post means I’m being sarcastic

:smile::smile::stuck_out_tongue_closed_eyes:

Edit: maybe you’re being funny too though, but you are right :slight_smile:

1 Like

That’s fair. They certainly did not handle disclosure properly - at all.

Yeah, their reputation is pretty much non-existent, but it’s worth giving a read. I don’t want to give them any sort of validation, but they are making some additionally concerning claims today.

1 Like

They seem to have a personal vendetta against Wyze, and any company they feel has dealings with China.

If I had time, I would look up to see if a business, with that name, was even registered in the state they say they are from.

EDIT: clarifications

2 Likes

I too agree that 12Sec does not deserve benefit of the doubt. Their disclosure of this was irresponsible. Further the exposed information has already been explained to not be in the same league as previous capital-B Breaches. Really this seems a minor leak compared to all the others that happened previously. Do people here still shop at Target? At Home Depot? Those breaches were much more serious with actual meaningful information. This lower-case b breach is minor with relatively inconsequential information.

As for an email, I imagine that Wyze is making sure they have all the facts straight and have also locked down any similar/related issues before notifying their userbase. It would be worse if they notify, then shortly thereafter have another similar issue made public. I applaud their course, being cautious while providing updates in this (public) thread to people who are keen to follow along.

4 Likes

Well, they say they’re from Texas or New Mexico, depending whether you go by their Twitter or their website. Ha.

1 Like

I understand that the Wyze team is researching and curating their response. My issue is that the Wyze team is not pushing any updates. Users must poll for updates by periodically returning to [Updated 12-29-19] Data leak 12-26-2019. I’d like to see a public plan for official daily (minimum frequency) updates rather than 200+/day rants on this thread.

… or get their health insurance from Anthem (as I did in 2015)?

Anthem medical data breach

1 Like

A few months ago in a thread I posted an email from Amazon stating that it’s up to Wyze to amend the details on Amazon’s site.
Gwendolyn asked for it.
So not a comment…a fact.

MOD NOTE: Post edited to conform to the Community Guidelines

I will wait and see as the saying goes. I have a very good friend that does this stuff very successfully for a living. He teaches for SANS Institute among others and has numerous Fortune 500 clients. Put it simply, he is still laughing. Said he would not honestly trust anything they have to say. He agreed they had legitimately found an unsecured database but a lot of what they have to say is technically not correct and they say “as I will show/see later” a lot and then never do.

Hey maybe this person will make us all look silly and expose Wyze as a front for a mainland Chinese spy ring injecting horrible malware into our home routers. But I really truly don’t think so. But as they say, never assume because… well you know the rest of that old saw.

Edit: Changed out to our.

1 Like

I was wondering why all of a sudden I started to receive junk mail on my personal e-mail account.

Wait what? I can’t change the email on my account without starting over?

Yes, at the moment it is not a user editable field. I suspect that will change soon.

Sadly … YES.

Members need to vote on this!

signed…the newbie.