Eufy owners privacy breached for an hour, app showed wrong cameras
Posted May 17, 2021
- In a major security and privacy lapse, for an hour on Monday morning, users of Eufy cameras discovered that cameras owned by other users were viewable in their app instead of their own, and settings could be changed by those granted bogus access as well.
- Initially spotted on Reddit, Eufy cam owners are reporting that attempts to log into the app provide complete access to another camera setup, seemingly in another country. As part of this access, the users are also able to see and change settings on the account and connected hardware, turn lights on and off, and also retrieve details like the camera owner’s email address.
- Some miscreants are taking advantage of this access. They are modifying settings for accounts, and there are reports of some talking to children on the other side of the camera.
- Update: In a statement to AppleInsider and other venues, Eufy claimed that the a “server upgrade” induced the problem for 0.001 percent of its users. The company also said that identified the problem at around 5:30 AM Eastern Time, and fixed it by 6:30.
– Malcolm Owen | May 17, 2021