Smart security device company Wyze confirmed recently that it suffered a data leak earlier this month that may have left information about millions of its customers exposed.
Wyze, which sells inexpensive security cameras and other smart home devices, confirmed over the weekend that it was made aware of a data leak last week and that “some Wyze user data was not properly secured and left exposed from December 4th to December 26th,” Wyze co-founder Dongsheng Song wrote in a forum post.
Twelve Security, a cyber-security firm, said 2.4 million users were effected by the leak.
The company said that an employee made a mistake when transferring the data from one database to a newly created one, exposing the data, Song said. The exposed data did not include passwords or financial data, but did include customers emails, camera nicknames, WiFi network IDs, and some body metrics data for beta testers.
“This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication,” Song wrote in the posting.
On Sunday, Song gave an update on the company’s investigation into the leak and during an audit they found that another database was left unprotected. Song added that passwords and personal financial data were not included in the database.
Song said affected customers will receive an email notification about it and cameras will reboot in the coming days.