Wyze, a company that retails smart devices like security cameras, smart plugs, smart lightbulbs, and intelligent door locks, confirmed at this time a server leak that disclosed the details of approximately 2.4 million customers. The leak occurred after an internal database was by accident exposed online, Wyze co-founder Dongsheng Song said in a forum post revealed over Christmas.
Song mentioned the exposed database — an Elasticsearch system — was not a production system; nevertheless, the server was storing valid user data. The Elasticsearch server, a technology for powering super-fast search queries, was set as much as help the company type via the immense amount of user data.
The leaky server was discovered and documented by cyber-security consulting agency Twelve Security and separately verified by reporters from IPVM, a weblog dedicated to video surveillance merchandise.
Song showed his disapproval with how the two events, Twelve Security and IPVM, handled the data leak disclosure, giving Wyze solely 14 minutes to fix the leak earlier than going public with their conclusions.
Song verified that the leaky server exposed details relating the email addresses prospects used to create Wyze accounts, nicknames users committed to their Wyze security cameras, WiFi network SSID identifiers, and, for 24,000 users, Alexa marks to connect Wyze devices to Alexa devices.