Smart device company Wyze has confirmed it accidentally exposed a database online containing details of up to 2.4 million customers.
The incident happened early in December and was eventually noticed by cybersecurity company Twelve Security at the end of the month, when it was reported by video surveillance news website IPVM.
According to Wyze, a budget vendor of smart devices such as cameras, locks, bulbs, and plugs, the database was a test environment for making information processing more efficient.
However, while Wyze said the database was exposed in error, Twelve Security reported that the details included email addresses, usernames, and security tokens - enough information for malicious third parties to take control of any affected smart devices.
Wyze has since reset its systems to help prevent that.
The problem arose when Wyze, which uses Amazon Web Services to process Internet of Things (IoT) data, left security protocols switched off, allowing its Elasticsearch data to be accessed online. It is a reminder to businesses that they are ultimately responsible for security when it comes to cloud computing services.
However, this isn't the first time Wyze has run into problems with user access. Earlier this year a flaw in its system allowed users to still access smart cameras that had been reassigned to another account.
Via ZDNet