Monday, 30 December 2019

Wyze exposes customer details online

Smart device company Wyze accidentally exposed a database online containing details from up to 2.4 million customers.

The incident happened early in December, eventually being noticed by cybersecurity company Twelve Security at the end of the month, when it was reported by video surveillance news website IPVM.


Data exposed

According to Wyze, a budget vendor in smart devices such as cameras, locks, bulbs, and plugs, the database was a test environment for making information processing more efficient.

However, while Wyze said it was exposed in error, Twelve Security reported that details included email addresses, usernames, and security tokens - enough information for malicious third parties to take control over any smart devices affected.

Wyze has since reset its systems to help prevent that. 

The problem arose when Wyze, using Amazon Web Services to process Internet of Things (IoT) data, left security protocols off that allowed their Elasticsearch data to be accessed online. It remains a reminder to businesses that they are ultimately responsible for security when it comes to cloud computing services.

However, this isn't the first time Wyze have run into problems with user access. Earlier this year a flaw in their system allowed users to still access smart cameras that had been reassigned to another account.

Via ZDnet

https://ift.tt/2Qvqhq7

No comments:

Post a Comment