Wyze Camera Data Breach Affects 2.4 Million, Includes Alexa Info

2.4 million Wyze customers have had data publicly exposed including user name, email, wifi details, Alexa information and more.

Home cameras and electronics were as popular as ever for gifts this holiday season. Many who received new Wyze cameras for the holidays in 2019 will not be at risk since only users who created accounts prior to Dec. 26, 2019, have had data exposed.

Wyze widely announced the breach to users today. It was mentioned on a security blog on Dec. 26., 2019. Wyze learned about the security breach after another publication wrote about the security blog.

Wyze says:

On December 26th, we discovered information in some of our non-production databases was mistakenly made public between December 4th - December 26th. During this time, the databases were accessed by an unauthorized party.

The information did not contain passwords, personal financial data, or video content.

Wyze lists the data that was exposed:

• User name and email of those who purchased cameras and then connected them to their home.
• Email of any user they ever shared camera access with such as a family member.
• List of all cameras in the home, nicknames for each camera, device model and firmware.
• WiFi SSID, internal subnet layout, last on time for cameras, last login time from app, last logout time from app.
• API Token for access to user account from any iOS or Android device.
• Alexa Tokens for 24,000 users who have connected Alexa devices to their Wyze camera.
• Height, Weight, Gender, Bone Density, Bone Mass, Daily Protein Intake, and other health information for a subset of users.