Wyze friends,
On Friday morning we had a service interruption that caused a security incident. Your account and over 99.75% of all Wyze accounts were not affected by the security event, but we wanted to inform you about the incident and let you know what we're doing to make sure it doesn't happen again.
The outage originated from our partner AWS and left Wyze devices out of service for several hours early Friday morning. If you tried to view live cams or events during that time, you probably couldn't. We are very sorry for the frustration and confusion this caused.
While we were working to get the cameras back online, we experienced a security issue. Some users reported seeing incorrect event thumbnails and videos in their Events tab. We immediately removed access to the Events tab and launched an investigation.
We can now confirm that when the cameras came back online, around 13,000 Wyze users received thumbnails of cameras that were not their own and 1,504 users touched them. Most taps enlarged the thumbnail, but in some cases an event video could be viewed. All affected users have been notified. Your account was not one of the affected accounts.
The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it confused the assignment of device and user IDs and connected some data to incorrect accounts.
To make sure this doesn't happen again, we've added a new layer of verification before users connect to event videos. We have also modified our system to prevent caching to verify user-device relationships until we identify new client libraries that undergo extensive testing for extreme events like those we experienced on Friday.
We know this is very disappointing news. It does not reflect our commitment to protecting customers nor does it reflect the other investments and actions we have taken in recent years to make security a top priority at Wyze. We built a security team, implemented multiple processes, created new dashboards, maintained a bug bounty program, and were undergoing multiple third-party audits and penetration tests when this event occurred.
We must do more and be better, and we will. We are very sorry for this incident and are dedicated to rebuilding your trust.
If you have questions about your account, please visit support.wyze.com.
Wyze Team