Any response to the verified breach and how we can protect ourselves?
If they want to save face they need to post often and be transparent. I don’t mind supporting them through a tough time, but a lot will depend on how they communicate through this ordeal.
I’d love an update from the company.
Thanks for bringing this up. We are looking into this as a top priority and would like to provide the most accurate information. We will update once we have more information about this.
Does this explain the recent instances of server weirdness?
I’ve replaced all my Wyze plugs due to scheduling unreliability.
The Wyze app SD card playback is now a pain. Now this. Looks like I’m going to have to replace my cams, too, starting with the interior ones.
I find it ironic that Wyze refuses to use https and instead relies on its own encryption scheme, saves the clips to its own servers, that are open to the internet?
You should allow people to use your cameras without having to hand-shake with your servers.
“API Token for access to user account from any iOS or Android device”
That is a big problem, if that means unrestricted access to camera feeds.
I know it sucks for Wyze this happens over the holidays, but they need to pull EVERYONE on to this and deliver hourly updates. Right now, the best course of action for people is to disconnect your Wyze cameras until we know the scope of “damage”.
MOD NOTE: Post edited to conform to the Community Guidelines
Is Twelve Security even real? I can’t find any web news about them other than today. None of the Cyber security folks I reached out to ever heard of them. The link above points to an article full of misspellings and poor language use.
Twelvesec.com is real but the 2 do not appear to be related? I think there is something fishy about this?
IPVM is most definitely real and they have confirmed it. It would be wise to trust this as valid, and take the necessary precautions, rather than regret it after.
I sure hope that report is fake. But what if it’s real?
They say they reached out to Wyze but haven’t heard from them. If the report is fake, I expected Wyze to bash them immediately but they didn’t.
I’ve often wondered how tiny cam is able to access the Wyze servers, hmm?
I know IPVM is real, but they have not confirmed it, merely repeated it. By the way, the address listed on Twelve Security’s web site is a used car lot. Also the website and blog both went live in October. The article about Wyze is their only actual content. Their Twitter account is all retweets, no real content. I think this is a scam.
Wyze has responded and I would imagine is doing due diligence right now. It’s one thing for me to do my checks, quite another for them to do them and be positive. Wait and see, but to be honest I am not worried. Well, no more than I usually am.
Except IPVM has confirmed it, according to them.
First line in their article “and confirmed by IPVM, who has spoken with Twelve Security and reviewed the records.”
I’ve disconnected my cams until we have some further information. The breach has already happened, so tons of data has been leaked, but the wise thing to do is limit further leaks from your live cams.
You should do what you think best and safest for you. As far as I am concerned I have a really hard time being worried about this yet. But even if my cameras are hacked and shared, it’s fine. The view of the pond is relaxing! By the way, the only confirmation IPVM has done as far as I can tell is read this thread.
We are still investigating and taking this very seriously and will share any information the moment that we can.
Should I be unplugging my cams?
I would do what you feel the safest with, I personally have not unplugged anything yet. I am taking a wait and see approach while letting WYZE verify. I have yet to truly see anything verified out there that makes me feel that I need to pull anything.
IPVM claims they have talked with Twelve Security and reviewed the records; that’s a bit more than reading this thread.
While a view of your pond sounds nice, people who are using the cams to monitor people, e.g. children, should be a lot more concerned. Of course people can do what they want, but I’m keeping them off until this mess has been cleared.
I’d encourage you to do whatever makes you feel safest. I don’t have any cameras that are particularly sensitive, but I understand that many people do. This appears to be only hours old, but I imagine Wyze will give us more substantial updates as soon as they can.
Do what you think best, I would never advise differently. For myself I think I will wait. The article on the security site about Credit Karma was actually laughable so I am now personally certain that both Sites are not what I would consider trustworthy at all.
However that’s only my opinion, and may or may not be correct. As I said do what you feel comfortable with. I am certain Wyze is taking the allegation seriously and doing their part to verify and rectify.
I am going to wait until I see an actual mea culpa from Wyze or a reputable security source comment.