Eufy issue statement following its security breach

Author

Date

Category

As reported yesterday Eufy experienced a breach of security in which users had reported being able to see strangers live steams, recordings and even control the pan and tilt. The company has now issued a statement explaining the situation, and it appears to be a bug rather than a third party breach that caused the issue.

First reported on the Eufy SubReddit by user MeChum87 that upon logging into their Eufy security app account, the user could see live streams, recorded clips, account details, and even control the movement of Eufy Pan & Tilt cameras of strangers.

This report was backed up by by several other users from the United States, New Zealand and Australia. Although Eufy did not respond directly on the Reddit threads, the company have now released a statement via its Twitter account.

“Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.

The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.

Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.

We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again. For any questions, users can contact our support team at support@eufylife.com.”

So based on the statement it looked like a software bug caused the issue rather than a security breach. It also looks like that European users were unaffected and this is probably down this set of users are connected to a different server. Which if EU users had been affected, then GDPR would have been a major issue and Eufy would have had to a lot more forward with what data had been exposed.

Must read  Win a Logitech Circle View in our Free draw

IoT security

Although this statement from Eufy explains the situation and provides some comfort that it was not a third part that had hacked its service. It is probably to early to ascertain if this response restores faith in the company and its products. Although judging by the comments on its Twitter feed and continued discussion on Reddit, users are still wanting to know what data was exposed.

While the internet of things will never be safe from data and security breaches and I have Eufy cameras around my home. These are all connected via HomeKit Secure Video and with restricted access to the internet. If you want to know about HomeKit Secure Video and HomeKit Secure Routers, then hit the links to find out more.

You can also follow us on Twitter, Facebook, YouTube and Instagram for the latest HomeKit News and Reviews.

Must read  Aqara M2 hub released in the US
Must read  Meross smart power strip gains HomeKit support in the US
Must read  Meross HomeKit garage door opener available in the UK

We may earn a commission for purchases using our links, this does not affect our editorial coverage – Ethics statement

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow us

1,711FollowersFollow
3,782FollowersFollow
30,200SubscribersSubscribe