On Dec. 26, 2019, Wyze, a Seattle-based company that sells smart appliances, was said to compromise personal information such as email accounts and usernames of over 2.4 million of its users. Most of these users are said to be from the United States. This issue was already resolved by the company through sending apologies and warning emails to their users that the 'massive data breach' was true, and users must be alarmed. The question is, how did this happen again on Wyze?
How Did This Issue Gone Viral?
As a backgrounder for the issue, a Medium article by Twelve Security from Texas was recently published online. In this article, Wyze was said to be hacked on its two Elasticsearch databases that have the personal information of their users. Information like usernames, emails, a list of cameras at home, Wifi SSID, API Tokens for access to the user account from any iOS or Android device, Alexa token information, and even health data registered were compromised. Twelve Security also claimed that all of these data were sent to Alibaba Cloud-- located in China.
At first, Wyze denied the claim of Twelve Security by saying that they have no relationship with Alibaba Cloud, and the data breach was not true. However, in order to protect their users, Wyze insisted that users must be logged out of their accounts immediately and changed their passwords to prevent any information being compromised.
As of now, Wyze explained that they are not yet finished with the investigations but confirmed the intensity of the said massive data breach.
Though the company already confirmed the issue, it was not the first time that Wyze had gone to a data breach controversy. Earlier this year, users found out that people who bought Wyze cameras second-hand could have had their privacy exposed. The company was said to fail on deleting all Alexa accounts if you press 'forget' the old device. Making it seemed like personal information can be transferred to one place to another. With this being noted, Wyze seemed to be 'unwise' for its security protocols.
Now, if you think that you're one of the 2.4 million victims of the said data breach, what are the things you should do to prevent being victimized by hackers?
Seven Steps You Must Do Before Getting Back on Your Wyze Account
In all cases of a data breach on any gadgets or appliances, the first thing you must do is to strengthen your account security for hackers to stop infiltrating on your data. In the case of Wyze, users should start enabling its two-factor authentication. Here's how.
- Go to the "Account" tab in the Wyze app.
- Click your email address.
- Scroll down to the Security section and enable "Two-Factor Authentication."
- Add your phone number then tap "Verify Phone Number."
- After this, you will receive a text with a verification code. Enter the code in the verification field then tap "Next" to finish the process.
- You'll now receive a verification code via text each time you log in.
- Additional Tip: Add a backup phone number in case you lose access to your other devices.
There's no harm in putting security first before trying out Wyze again. Believe this.