Category: blog

I could tell something was wrong by the awkwardly formal introduction of the email we just received:

There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back. We are reaching out to you because we’ve made a mistake in violation of that trust. On December 26th, we discovered information in some of our non-production databases was mistakenly made public between December 4th – December 26th. During this time, the databases were accessed by an unauthorized party.

Wyze cam data breach update

“Wyze Cam” suffered a data breach and user data was stolen. The company just sent out an email informing their customers about what happened.

Let’s repeat together: Digital products make great targets for hackers. I am a target because I use digital products.

To be fair, the “unauthorized party” did not “access” (access = steal) sensitive data like credit card data, video footage or passwords.

The hackers accessed Wyze device names, user emails, profile photos, WiFi router names, and some Alexa integration tokens.

That’s good and probably an indicator of a segregated infrastructure. (A security process to make it harder to access and steal data.) In this case the hacker didn’t actually have to “break in” because the door was left open. And believe me, that happens more often than we think it would.

“Information in some of our non-production databases was mistakenly made public“

Wyze cam data breach update

It reads like the developer-team did a mistake and accidentally left a non-production database open.

Doesn’t that clearly show that people make mistakes and also that hackers are waiting for those to happen. (Because it’s a lot easier.)

A Person + Large Database + “Tiny Mistake” = Big Problem

As a user you can’t really do anything about a company’s data security and protocols. You really do have to rely on them doing their homework.

Let’s pretend your account password and email would have been stolen: The hackers could immediately use this data to perform “credential stuffing” – an automated protocol that would test your data with the most common platforms such as facebook, gmail and others.

Although in this case it’s just a hypothetical scenario: The only thing preventing credential stuffing from working is when you either NEVER REUSE YOUR PASSWORDS and have a dedicated password for each account or have TWO FACTOR AUTHENTICATION enabled.

So, we are not surprised about this paragraph in the email. However, we would have “urged” the users to add two-factor authentication, explained a little bit more about what it is and how it locks out hackers. From our perspective the term “may” is way too polite and does not stress action.

As an additional security measure, we recommend that you reset your Wyze account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. You may also add an additional level of security to your account by implementing two-factor authentication inside of the Wyze app.

Wyze cam data breach update

Securing your accounts is not hard. It’s just diligence.

Let this be a friendly reminder for you to secure your accounts with strong passwords and two-factor authentication.

The numbers are staggering. Essentially they say: every other person does not have strong passwords and pretty much does not care either.

• 

• 

• 

And that is according to a report surveying more than 1,700 IT experts. If anybody would know about passwords, it’s them.

The survey found as well:

• 51% have experienced a phishing attack their personal life
• 44% have experienced a phishing attack at work
• And still 57% have not changed their password behaviors
• 69% admit to sharing their passwords

Those numbers are pretty sad. We hope they don’t encourage you to keep up with your own bad password choices.

If you don’t use two-factor authentication you are obviously in “good company.” And you are also much more likely to be hacked.

We urge you to take action today: Start activating two-factor authentication on all your accounts.

A recent WMC5 News article reports about a family that just encountered hackers within their children’s room. The intruders had managed to gain access to their camera which lets you see and talk through it via an app on your mobile device.

The parents had done extensive research to make sure, they would purchase a secure device, given the sensitive nature of security cams that work through the internet. They felt secure with their choice and installed the camera in their children’s room.

However they didn’t enable two-factor authentication.

Weak passwords are an easy target for hackers because they can run an automated software that tries out a list of passwords automatically. All the hacker has to do is sit back and wait.

Once you add 2-factor authentication this is no longer possible.

Even if the automated software got a “hit” and found your password they could not automate the second factor.

Currently most apps will allow you to add your phone as the second factor, sending out a one-time pass-code after the correct password has been entered.

How to set-up two factor authentication for the most popular wifi cams

• Setting up two factor authentication for your ring cam
• Setting up two factor authentication for wyze cam
• Two factor authentication for arlo cam
• Google nest two factor authentication
• Amazon cloud cam two factor authentication