Changing images: Wyze reports a new data breach

A street in West London. Image © Tim Sandle.

Security cameras have become very popular for people to plug into their home network, hoping this with deter burglars (or should a robbery happen, that some footage of the event will be captured). Yet how secure is the digital image data?

Recently, Wyze users encountered a camera breach with the cybersecurity incident impacting some 13,000 users. Users started noticing something was amiss after the website displayed thumbnails that came from camera feeds that weren’t theirs. 

The company has experienced issues in the past. In 2022 it was announced that for three years, Wyze has been fully aware of a vulnerability in its home security cameras that could have theoretically let hackers access your video feeds over the Internet (according to The Verge).

With the new data breach, this was heralded by a large service outage for the smart home brand that severed the connection between Wyze’s app and its cameras on February 16, 2024.

Last year, 3,205 cases of data compromises occurred, affecting over 353 million users.

Dean Drako, CEO of Eagle Eye Networks, has told Digital Journal how any IOT device has the potential to cybersecurity breaches, and must be fortified against vulnerabilities long before a breach has occurred.

Drako begins by assessing the ramifications of the data incident: “News of the Wyze breach is an important reminder that cybersecurity cannot be an afterthought. While any IOT devices – including security cameras – are susceptible to cybersecurity breaches, there are steps that can be taken to minimize risk.”

Broadening the issue to businesses in general, Drako singles out plug-ins: “Vulnerabilities attributed to third-party partners reinforce the importance that sound cybersecurity practices should be built in from the ground up. It is also essential to train employees in cybersecurity best practices.”

So what can be learned from such events? Drako maintains: “Businesses must be proactive and vigilant to ensure that their networked systems eliminate as many risks as possible and protect the confidentiality, integrity, and availability (CIA) of data.”

Drawing on an example from his own firm, Drako uses: “At Eagle Eye Networks we’re fortunate because we’ve been thinking about cybersecurity since I founded the company in 2012. Cybersecurity is top of mind in everything we do, across all of our 13 global data centres, and all of our products; cybersecurity is in our DNA.”

Showing that some positives can be drawn from the incident, Drako remarks: “We applaud Wyze for notifying customers of the breach and their transparency in what transpired.”