Smart home devices often gather personal data from their users. Wyze, maker of high tech home appliances, recently exposed data from 2.4 million customers by accident.
By Chand Bellur
December 30, 2019 at 10:40 p.m. PDT
Offline Copy of Database Exposed by Accident
Despite how careful technology professionals try to be, accidents can happen. Wyze, known for creating innovative and inexpensive smart home devices, recently exposed millions of customer data records.
The accident occurred due to human error. Wyze made a copy of their production database, for use in offline processing. This allows them to run complicated queries on the data, without slowing down the user experience. The problem occurred when an employee accidentally removed security protocols on the database, opening it up to virtually anyone.
No Major Impacts From Exposure
As it stands, this incident exposed data, however, there are no known cases of the data being accessed. It’s possible that the exposed data went unnoticed, however, it’s always safe to assume the database was accessed and copied.
The database itself contained personal information about users, such as email address, gender, height, weight and other vital statistics. Passwords were not stored in this database, but Wyze Chief Product Officer Dongsheng Song advised users to beware of phishing attempts.
Avoid Possible Phishing Attempts
Exposed email addresses can be used to trick unsuspecting users into handing over their passwords. Using a technique known as phishing, malicious actors send users an email that looks like it’s from a legitimate company, such as Wyze. They direct you to a site that looks legitimate, asking you to enter your user name and password. From there, they steal your password and use it against you.
Given the nature of smart home devices, a compromised account could have serious consequences. The cyber criminal could ransom your account or just use it to spy on you, using your own home security cameras.
You can avoid phishing attempts by never falling for them. If any company is asking you to login through an email link, be suspicious. For the most part, email services and clients are very good at filtering out phishing attempts. Unfortunately, this is often after thousands of people have been affected.
If you receive an email from a company such as Wyze asking you to login, don’t use the link provided in the email. Instead, go to their main website, ensure that the certificate is valid (click on the lock icon in the address bar), and login from there.
Wyze fixed the security breach, however, it’s unclear whether cyber theft occurred. Users should always be cautious about email links to login pages. With smart home appliances surveilling our everyday lives, it’s all the more important to avoid criminal intrusion.