Eufy has apologized for its huge privacy breach earlier this week, explaining why some owners of the company’s connected cameras were suddenly able to see live video and recordings from other people’s homes. In a new statement, Eufy – an Anker company – claims that 712 users were affected by the glitch, which it blamed on a server update bug.
That update, installed early on May 17, impacted users in the United States, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina, Eufy said today. Those in Europe, and other regions, were not affected.
The buggy update was installed at 4:50am EDT, Eufy says, and its engineers realized the problem at 5:30am EDT. The incident was considered “fixed” at 6:30am EDT. On Monday, Eufy said that it would be contacting all of the impacted users to alert them to what had happened.
For those in the affected countries, Eufy says, the recommendation is that they unplug and then reconnect the Eufy security home base. They should also log out of the companion app and then log back in again.
While the number of impacted owners is relatively small by Eufy’s count, it remains to be seen whether the nature of the privacy glitch has broader implications for user trust. Eufy says that it plans to upgrade its network architecture in the aftermath of the problem, including adding a stronger authentication mechanism between the servers it uses and the local devices and smartphone apps that owners install.
The full statement from the company, with its other planned changes, is below.
The rise in availability of low-cost cloud storage, along with the commoditization of camera and networking tech, has made launching more affordable connected security cameras far easier. What once might have cost hundreds of dollars per camera, with equally expensive fees for off-site data storage, can now be had considerably cheaper. Nonetheless, it not only requires trusting companies to handle that data and their own systems sensibly and effectively, but also presents a potentially alluring hacking target to criminals.
Eufy has said that its connected baby cameras, among other products, were not impacted by the software glitch this week. Nonetheless, making careful – and potentially cautious – decisions about where to locate cameras, particularly inside the home and when they’re models that can be remotely panned and tilted for a better view, seems wise.
During a software update performed on our server in the United States on May 17th at 4:50 AM EDT, a bug occurred affecting a limited number of users in the United States, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina. Users in Europe and other regions remain unaffected. Our engineering team identified the issue at 5:30 AM EDT and immediately rolled back the server version and deployed an emergency update. The incident was fixed at 6:30 AM EDT. We have confirmed that a total of 712 users were affected in this case.
Although the issue has been resolved, we recommend users in the affected countries (US, Canada, Mexico, Argentina, New Zealand, Australia, and Cuba) to:
Please unplug and then reconnect the eufy security home base.
Log out of the eufy security app and log in again.
All of our user video data is stored locally on the users’ devices. As a service provider, eufy provides account management, device management, and remote P2P access for users through AWS servers. All stored data and account information is encrypted.
In order to avoid this happening in the future, we are taking the following steps:
We are upgrading our network architecture and strengthening our two-way authentication mechanism between the servers, devices, and the eufy Security app.
We are upgrading our servers to improve their processing capacity in order to eliminate potential risks.
We are also in the process of obtaining the TUV and BSI Privacy Information Management System (PIMS) certifications which will further improve our product security.
We understand that we need to build trust again with our customers. Thank you for trusting us with your security and our team is available 24/7 at firstname.lastname@example.org and Mon-Fri 9AM-5PM (PT) through our online chat on eufylife.com.