A mistake by an employee of Wyze, a manufacturer of smart surveillance cameras and other smart home devices, led to the leakage of his customers' data stored on the company's server.
The cybersecurity company Twelve Security was the first to discover the data breach, and reported it on December 26. In a blog post, Twelve Security said that the server stored information about both users and devices, including name, model name, firmware version, etc.
Users' personal information included data such as names, email addresses, and a wide array of health information, including height, weight, bone density, and daily protein intake. At the same time, information about passwords and finances of clients was not disclosed.
Wyze co-founder Dongsheng Song, who confirmed the leak, claims that some health information was in the database in connection with the beta testing of a new smart product. However, he denied that the company had ever collected information about users' bone density and daily protein intake.
According to Song, the leak was the fault of one of the employees. This information was not stored on a production server, but in a "flexible database" that was created to make queries about customer data faster. The co-founder said that an employee error led to the removal of the server's security protocols on December 4, and the data was in the public domain until December 26, when the company became aware of this problem.
Source: 3dnews.ru