Your Wyze webcam might have let other owners peek into your house

Image: Wyze

Some Wyze security camera owners reported Friday that they were unexpectedly able to see webcam feeds that weren’t theirs, meaning that they were unintentionally able to see inside of other people’s houses. A Wyze spokesperson tells The Verge that this was due to a web caching issue.
Earlier on Friday, users on Reddit made posts about the issue. “Went to check on my cameras and they are all gone be replaced with a new one… and this isn’t mine!” wrote one user. “Apologies if this is your house / dog… I don’t want it showing up as much as you don’t want it!”
“I am able to click the events tab and see ALL the events on this random person’s camera INSIDE their house,” wrote another.
“I don’t know why, but I can see someone else’s camera,” wrote another.
Each thread has comments from other Reddit users reporting similar issues. Shockingly, I even saw some instances of people claiming they saw the same cameras that other people did.
The user reports indicated that they were seeing the other feeds through Wyze’s web viewer at A Wyze employee told a user on Reddit that the page is “currently under maintenance” and that “we are working on this and will update when it’s available again.” Wyze’s status page posted a similar message on Friday at 5:44PM ET.
A Wyze customer support agent confirmed to me that the company has an issue with its online camera portal — one where people were actually able to see other customers’ camera feeds. “While we work to get this resolved, Wyze Web View functionality may be limited or unavailable,” they told me. The agent was not able to provide an estimate for when the issue would be fixed.
“We and our team are already working to improve our security and to investigate the root cause of this,” the agent said. When I asked if they could share what those improvements might be, the agent responded: “I cannot disclose any further information.”
After we published this story, Wyze spokesperson Dave Crosby shared a statement explaining what happened. Although Crosby says the issue is resolved, the status page still says is under maintenance as of late Friday evening.
Here is Crosby’s statement:

This was a web caching issue and is now resolved. For about 30 minutes this afternoon, a small number of users who used a web browser to log in to their camera on may have seen cameras of other users who also may have logged in through during that time frame. The issue DID NOT affect the Wyze app or users that did not log in to during that time period.
Once we identified the issue we shut down for about an hour to investigate and fix the issue.
This experience does not reflect our commitment to users or the investments we’ve made over the last few years to enhance security. We are continuing to investigate this issue and will make efforts to ensure it doesn’t happen again. We’re also working to identify affected users.

In a followup email on Friday, Crosby added that “our early evidence is showing about 10 users are affected.” I’ve asked for clarification on that; I’m not sure if that means about 10 people were able to see feeds that weren’t theirs or if about 10 users’ feeds were viewable by others.
In March 2022, Wyze revealed that it had been aware of a security vulnerability for three years that could have let bad actors access WyzeCam v1 cameras, but quietly discontinued the camera rather than telling customers about it.
Update September 8th, 11:45PM ET: Added statement from Wyze.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.