After a widespread service outage followed by a security breach that exposed private video events to more than 13,000 of its users, Wyze did the one thing it had to: it apologized.
“We must do more and be better, and we will,” read a Wyze email to its customers, which the company sent out over the weekend. “We are so sorry for this incident and are dedicated to rebuilding your trust.”
That apology, however, came only after Wyze blamed the initial service outage on its partner, Amazon Web Services. (It’s still not clear exactly how AWS sparked the Wyze outage, and it doesn’t appear any other online services were hit with AWS issues on Friday.)
This news story is part of TechHive’s in-depth coverage of the best home security cameras.
And as for the subsequent privacy breach that allowed roughly 13,000 Wyze users to see thumbnails of video events from other Wyze owners, Wyze called out a “third-party caching client library” that buckled under “unprecedented load conditions” as Wyze cams were coming back online.
“We know this is very disappointing news,” the Wyze email continues—and yes, it is disappointing, given the prior security breaches that Wyze has suffered in recent years.
But Wyze then pivots into damage control mode, proclaiming that the camera breach “does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze.”
Well, I’d argue that Friday’s breach does reflect Wyze’s commitment to privacy, and not in a good way.
Tellingly, Wyze co-founder Dave Crosby used almost precisely the same language after Wyze’s last security breach, just five months ago, when some Wyze users were—again—able to see the cameras of other Wyze owners. (“This experience does not reflect our commitment to users or the investments we’ve made over the last few years to enhance security,” he wrote at the time.)
As for the latest breach, Wyze says it’s eying a number of remedies:
“To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos. We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.”
That’s all well and good, but Wyze’s quick fixes are starting to feel like patches on an increasingly leaky tire.
In the meantime, many Wyze users over at the Wyze subreddit have announced they’re unplugging their Wyze cams and deleting their accounts.
For now, my Wyze cam is unplugged, too.