Wyze established itself as an inexpensive brand of home security cameras, but customers should be aware of a major data breach that just took place.

User data in Wyze's database sat out in the open for more than three weeks. In fact, the Seattle-based company didn't discover the data breach itself. Twelve Security, an independent research firm, identified the security vulnerability and reported on it ahead of Wyze confirming what happened.

Now, Wyze has announced a second database was left unprotected during the same period. More than 2.4 million customers are affected by this data breach.

An internal project aimed to enhance measurements of metrics such as device activations and failed connection rations; however, in the midst of copying user data, an employee apparently disregarded existing security protocols. When the user data transferred from main production servers to the more flexible database, Wyze failed to protect personal information.

Passwords, government-issued identification, and financial information were not obtained in the databases, but user data relating to Wi-Fi service set identifiers, device information, body metrics, and Alexa integration tokens could be at risk. Additionally, the databases stored email addresses.

The data breach started on December 4 and continued through December 26. However, Wyze learned of the second database's security vulnerability on December 27. Both security vulnerabilities have since been addressed.

"Again, we are deeply sorry for this situation. Thank you for your patience as we work through this process," co-founder Dongsheng Song said in the forum post. "We have been reading through everyone's comments and are continuing to work together on methods to improve our security and ensure that similar occurrences never happen again."

Further, Wyze denies accusations that user data had been sent to Alibaba Cloud. It also denies analyzing daily protein intake and bone density even for products in beta testing. Wyze disputes the claim that it experiences a similar breach six months ago, and the company now appears completely focused on investigating the most recent data breach before another occurs.

The amount of leaked user data might change. Wyze's investigation has not concluded, and it'll share updates on its community forum.

Customers affected by this data breach are still left in the dark, but Wyze plans on rolling out an email notification advising them on next steps if their personal information fell into the wrong hands.

Further Reading

Home Security Reviews