Eufy CCTV camera users had access to other people’s cameras and accounts
Eufy, a smart home appliance maker, reported an incident in which the recordings and live video feed of its users’ CCTV cameras were visible to third parties. What’s more, outsiders had complete control over the accounts, including pan-tilt cameras, if any.
Reddit users were the first to report the problem.
“Has anyone else encountered this? I checked my app today (from New Zealand) and found that none of the videos are mine. They belonged to someone from another country (by the way, a cool Mustang) – judging by the Kangaroo Cam, somewhere in Australia. I could also see his contact details (as added accounts). […] I have three small children, and I am very worried that others can also look through my cameras, ”said a user under the pseudonym MeChum87.
“I saw a red light blinking on my home base and then it stopped. So I opened the application, and there was someone else’s doorbell, ” one of the users shared .
“I have the same problem. I could access everything on someone else’s account, including live feed from a camera, and control someone else’s camera (pan, tilt, rotate). I was able to record a video using a button in the app on my phone. […] The camera I got access to was in Los Angeles, ”said another Reddit user.
According to Eufy’s notice, the reason that CCTV users gained access to someone else’s accounts was due to a “software bug in the server update process.” The problem affected a tiny fraction of users (only 0.001%) in the United States, New Zealand, Australia, Mexico, Brazil, Argentina and Cuba. Users in Europe were not affected. The incident also did not affect Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System and eufy PetCare devices.
“We understand that for a security company, we have not done very well. We are very sorry that we have not coped with this task, and we are working on new security protocols and measures to ensure that this will never happen again, ”- said in the message Eufy.