
Wyze Alleged data breach 12-26-2019 - fraqed
https://forums.wyzecam.com/t/alleged-data-breach-12-26-2019/79046
======
fraqed
As of December 29, 2019 Wyze has confirmed that two databases were “left
unprotected” and while these were not production databases, they did contain
some user data. The original link has been updated by the Wyze team, for those
who wish to see an official explanation.

------
cyblarg
Having a hard time seeing this as anything other than an attack on Wyze under
the guise of a helpful report. Similar things were reported against AMD after
Intel's security issues that were rather dubious claims.

------
FocusForte
Honestly, I'm convinced this whole thing is a hoax. Wyze handling this under
the assumption this was a real thing is a breath of fresh air, as they
definitely seem to care a lot about this and have shown that they are taking
the accusation very seriously. ...but the source for this accusation,
12security, looks like a joke. The further you dig into "12security" the
sketchier it gets. The website domain name was purchased earlier this year
from Google Domains (whois.net shows it was created 2019-08-19T22:06:20Z), but
the only 3 "articles" on it are all from December of this year, and the other
two from before this Wyze one are just ranty and don't do anything to help
12security's credibility. Before today there wasn't a single listing for this
website in the internet archives; the only archives for this website are ones
I generated today while researching the site. The website is powered by Ghost
([http://ghost.io/](http://ghost.io/)), which isn't really an issue, lots of
professional websites use Ghost, but it's not even been fully set up. The
website still has a lot of the default stuff. There is no favicon for the
site, the username for the blog posts is the default "ghost", the footer is
still linked to the Ghost platform's social page and not their own, and the
admin login URL hasn't been changed like you'd expect a security expert to do:
[https://blog.12security.com/ghost](https://blog.12security.com/ghost)
redirects to
[https://12security.ghost.io/ghost/#/signin](https://12security.ghost.io/ghost/#/signin).
The only social page their footer points to that is their own is their
Twitter,
[https://twitter.com/securitytwelve](https://twitter.com/securitytwelve), which
again does not look like a real security researcher's Twitter, and instead
looks like a generic anti-China conspiracy account. The website has a
dedicated page for pricing of security consultation, and it's made in the most
asshole way possible: "Twelve Security offers the following services. Prices
are purposely posted here to intentionally antagonize any vendors/consultants
who do not:" which is suspicious to me because it's the very same thing that
people (John Wood) are pushing Wyze to pay for. Their listed phone number,
210-929-6268, is a Google Voice / Google Fi phone number that has been put on
do-not-disturb mode. Or at the very least, they're using the EXACT same
recorded messages that Google Voice / Google Fi uses. And
[https://freecarrierlookup.com/](https://freecarrierlookup.com/) verifies that
both my Google Fi number and their number show up as T-Mobile numbers. Their
website advertises their "services" but does it in a very unorthodox and
aggressive way:
[https://web.archive.org/web/20191227161612/https://blog.12se...](https://web.archive.org/web/20191227161612/https://blog.12security.com/services/)
Their domain is a Google Domains domain that was only registered this year.
And the "article" that started this all, just read it for yourself. It doesn't
follow the industry standard of first reporting the breach to the company to
give them a chance to close the breach before making the public aware of it;
that is done to protect users from the hackers who would go after Wyze's
servers because of the alleged breach.
[https://web.archive.org/save/https://blog.12security.com/wyz...](https://web.archive.org/save/https://blog.12security.com/wyze/)
And that's just what I've been able to stumble across so far. Dov Chodoff (in
the FB Wyze group) also pointed out that the address listed on their site
doesn't appear to be a real address:
[https://goo.gl/maps/SFDHWeM1NHngBrr1A](https://goo.gl/maps/SFDHWeM1NHngBrr1A)

~~~
hn20180220
^^Wyze PR spotted

For a major security incident, Wyze decided not to notify customers (it has
been days and Wyze still hasn't sent out any communication and has stopped
Twitter updates).

Instead Wyze launched a smear campaign with troll accounts like FocusForte
(accounts created just to post the message above) across multiple forums.
Shame on you, Wyze, typical act of a Chinese spying company.

