The maker of the seemingly-too-cheap-and-to-be-true smart home cameras Wyze has admitted a data breach, which has exposed the personal data of millions of customers.
The server leak, first revealed by consulting firm Twelve Security, has exposed the email addresses, SSID information and API tokens of a massive 2.4 million users.
The security company said usernames, device models, Wi-Fi SSID information and API tokens for iOS and Android users had been revealed. Alexa tokens from Echo camera users were also leaked, according to the blog post.
The company, which sells $20 cloud-connected indoor security cameras, has admitted the customer data was exposed for a period of three weeks, between December 4 and December 26. On Monday, Waze revealed a secondary database had also been exposed, but the firm is yet to reveal the information compromised as a result.
In a blog post, the company denied the assertion the cheap cameras meant lax security, claiming it takes security as seriously as any company in the space. However, the company did admit it needed to revisit its security protocols to ensure consumer confidence is restored.
The company said that no customer passwords or financial information had been exposed by the breach.
In a blog post, the firm wrote: “We’ve often heard people say, “You pay for what you get,” assuming Wyze products are less secure because they are less expensive. This is not true. We’ve always taken security very seriously, and we’re devastated that we let our users down like this.
“This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication.”
Do you have a Wyze camera? Does this shake your confidence in the firm? Let us know @trustedreviews on Twitter.