CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF

JOIN THE DISCUSSION

Wyze Data Breach Affects 2.4 Million People

Wyze, a brand best known for their budget security cameras, announced in a post on the brand’s forums that it had suffered what is likely to be the last major data breach of the 2010s.


According to the company, more than 2.4 million records were exposed after a database containing user information was left unprotected for nearly four weeks.


Wyze’s Announcement of the Breach


The records were left unsecured when a company employee copied information from one database to another and failed to follow internal security policies, resulting in an unprotected database.


In the company’s post, a member of the Wyze team said that passwords, government ID information, video files and user financial info was not at risk. However, device information and metrics — including Alexa integration tokens — were made available by the breach and may have been accessed by unauthorized parties.


The company also said that the breach lasted for 23 days, starting on December 4 and continuing through December 26. Wyze learned of the vulnerability on the 27th.

In response to the breach, the company has taken a few different security measures — including forcing users to re-login to accounts, refreshing API tokens and un-linking third-party integrations.


These measures should prevent hackers from using any stolen tokens to access Wyze devices or user accounts.


According to the company’s statement, their internal investigation isn’t finished yet, meaning that the total number of records exposed could grow over the next few weeks as more information becomes available.


2019 in Data Breaches


The breach came at the end of a year that was one of the worst so far for data breaches. 2019 featured a number of high-profile hacks and breaches, including those suffered by big names like Capital One and Facebook.


As with Wyze, most of these breaches were less about the skill of hackers and cyber criminals and more about serious security vulnerabilities and poor security practice.

Capital One’s records were exposed by a misconfiguration of the company’s firewall that allowed a hacker to access their network without being detected. It’s possible that the only reason Capital One became aware of the breach is because of how public the hacker was about both the hack itself and the data she stole.


Amazon, who provided the firewall via their cloud platform, Amazon Web Services, has denied responsibility for the breach — but also pushed an update that should provide companies with better defenses against the kind of attack the hacker used.


The multiple Facebook breaches this year were also less about hackers and more about poor data security. After a company announcement in March that millions of Instagram passwords had been stored in plain text, Facebook disclosed that more than 400 million phone numbers linked to user accounts were totally unprotected.


Additional unsecured records were found to contain even more information — including names, genders and locations.


It’s likely that as data becomes more valuable, these breaches will only become more common over the next few years. Because of this, it’s important for individuals to take the necessary security precautions when sharing information on their computers and mobile devices.


What the Wyze Breach Means For Cyber Security


The Wyze breach was serious — however, even though 2.4 million records is nothing to laugh at, it may be overshadowed by this year’s other major breaches.


If this breach is remembered, it will likely be as a cautionary tale used to explain the importance of following security policies.


In the future, the Wyze breach may be a useful point of comparison as these kinds of breaches — those caused by internal security mistakes — become more common as data moves to the cloud and companies hold on to larger and larger sets of customer data.


Written by:

Kayla Matthews journalist & writer

kaylaematthews@gmail.com https://productivitybytes.com

doctorchaos.com and drchaos.com is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world, look at Cyber Security. About this blog doctorchaos.com and drchaos.com and any affiliate website does not represent or endorse the accuracy or reliability of any information’s, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information’s or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information’s or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interoperated as such. Contact Info If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM  

SOCIALS 

SUBSCRIBE 

 Keeping you informed | Latest News 

© 2018 Dr. Chaos