Wyze Labs Inc., the makers of the Wyze cam security camera, have confirmed customer information including WIFI router names and user emails was exposed to the public for weeks.
Wyze CEO Yun Zhang said in an email sent to customers that information on company databases – from customers’ nicknames to user emails, profile photos, WIFI router names and other information – was public between Dec. 4 and Dec. 26, and was accessed by an “unauthorized party.”
Passwords, personal financial data and video content were not compromised in the leak, the company said.
The breach was disclosed in a blog post on Twelve Security on Dec. 26 and claimed 2.4 million customers worldwide may have been affected.
Wyze said the leak happened after customer data was copied into a flexible database that is easier to query.
The company said a mistake was made by an employee who was using the database on Dec. 4, and the security protocols for the data were removed.
“We are still looking into this event to figure out why and how this happened,” the post reads.
In an update on Monday, Wyze said a second database was also exposed, but did not provide further details.
Co-founder at Wyze, Dongsheng Song, told the The New York Times that the company “didn’t properly communicate and enforce our security protocols to new employees.”
“We should have built controls, or a more robust tool and processes to make sure security protocols are followed,” he said.
In the email, Zhang said once Wyze found out about the leak the company took “immediate action to secure it by closing any databases in question.”
Wyze also forced all users to log in again, create new access tokens and required users to reconnect Alexa, Google Assistant and IFTTT integration.
As an additional security measure, Wyze said customers affected by the breach should reset their passwords.
“Again, no passwords were compromised,” the email reads. “But we recommend this as a standard safety measure.”
Wyze said it will “learn from this mistake and will make improvements going forward.”
According to Zhang, Wyze is working to enhance security processes, improve communication of security guidelines to employees, and is making user requested security features a “top priority” in the coming months.
Zhang said Wyze is also partnering with a third-party cybersecurity firm to audit and improve the company’s security protocol.
Wyze was founded in 2017 by former Amazon employees. The company manufactures inexpensive smart-home devices including wireless cameras.