Wyze bills itself as the smart home system for the masses but some seem to have taken issue at the hidden costs of its affordability. The recent report of a massive database breach just a day after Christmas definitely doesn’t help Wyze cause, especially when it has to disclose that another database was apparently breached as well. This time, however, Wyze assures customers that the impact is less than feared but has yet to confirm what exactly was leaked.
Wyze learned of the data breach on December 26th from the report of a site that didn’t inform the company first before going public. Trying to err on the side of caution, it closed access to the database pending investigation. Unfortunately, it did confirm the data leak but assures customers that no financial information was taken.
It did confirm that emails and WiFi SSIDs (names) were included in the data exposed by having the database open for public access. The body and health details that were mentioned in the report were apparently only from a limited number of beta testers of health-related products. In effect, Wyze is saying it wasn’t gathering such data on all its users.
Unfortunately, it was just informed by a community member that another one of its databases was left unprotected yet again. Wyze explains that, unlike the previous breach, this was not a production database and no passwords or financial information was left exposed. It is still investigating what exactly was leaked and how it happened.
Wyze blamed the first incident on making a copy of its production database for running data queries on the side but accidentally left that copy unprotected and exposed. Customers are naturally worried that such an internal activity even took place and that Wyze didn’t exercise extra precaution at securing that database. As a company that makes products that people trust with their safety and security, that’s a very damning misstep.