KEY POINTS

  • Security startup firm Wyze may have leftover 2.4 million personal data of its customers exposed
  • A recent Wyze data leak was due to an employee error
  • Wyze's customers' personal data have been left exposed between Dec. 4 and Dec. 26

Wyze, a security camera startup, recently confirmed that it suffered a significant data leak earlier in December. The data leak may have left the personal data of millions of its customers exposed on the Internet. Between Dec. 4 and Dec. 26, email addresses, body metrics, and WiFi network IDs were left unprotected, according to the company.

Over 2.4 million Wyze customers' personal data were affected by a major leak exposed by cybersecurity firm Twelve Security, which first reported about the incident. No financial information or users' passwords were involved in the leak, according to Wyze. The data was inadvertently left exposed when it was moved to a new database to make the data easier to query, according to CNET.

However, it appears that a company employee failed to observe the company's security protocols during the transfer, says Wyze co-founder Dongsheng Song in a forum post. "We are still looking into this event to figure out why and how this happened," he said.

China and Russia pose the biggest threat to cybersecurity in the Czech Republic, the EU member's intelligence agency says China and Russia pose the biggest threat to cybersecurity in the Czech Republic, the EU member's intelligence agency says Photo: AFP / Fred TANNEAU

Database managers are still struggling to maintain sensitive data private over the years. This year, a lot of high-profile data leaks include addresses, names, and demographic data of 80 million US households. Additionally, expected salaries of over a million job seekers and thousands of Facebook passwords.

Users' information exposed in the recent Wyze data leak includes weight, gender, height, and other health information of around 140 users who are participating in testing of new hardware, Wyze revealed. There was no evidence that login tokens were exposed, but there will be the generation of new tokens to sign out all users. All cameras will also automatically reboot in the forthcoming days as a result of the company's additional security measure.

The company said that it will take security more seriously and will reevaluate its procedures. "This is a clear signal that we need to revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication," Wyze stated.