Security camera and smart device maker Wyze Labs has confirmed a data breach in which an exposed database contained information on a reported 2.4 million of its users.
Wyze Co-founder Dongsheng Song confirmed the data breach on December 27 and said the exposed database contained a large amount of personal, product and some medical information.
Song detailed the chain of events, noting that the company received notice of the open database on December 26, when the cybersecurity firm Twelve Security posted news of the leak.
“In this case, both the company's production databases were left entirely open to the internet. A significant amount of sensitive information generated by 2.4 million users, all coincidentally outside of China, was the result,” Twelve Security wrote.
Wyze has not confirmed the number of its customers affected.
The database itself, which had just been created, was initially set up correctly, but an employee made an error on December 4, leaving the information exposed, Song said.
“We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created. However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed. We are still looking into this event to figure out why and how this happened,” Song said in a post on the company’s website.
As an added precaution, Wyze has refreshed its iOS and Android API tokens even though there is no evidence they were compromised.
The company is in the process of informing those affected but did not say when the notifications would be sent.
Song apologized for the breach but defended his company’s overall approach to securing its products.
“We’ve often heard people say, ‘You pay for what you get,’ assuming Wyze products are less secure because they are less expensive. This is not true. We’ve always taken security very seriously, and we’re devastated that we let our users down like this,” he said.