Smart home tech maker Wyze Labs says 2.4 million users’ user data was exposed by an unsecured Elasticsearch cluster for over three weeks. The exposed data was a copy of Wyze’s production database containing a subset of all its users’ info. An employee mistakenly removed the security protocols while using the database on December 4th. Wyze CPO confirmed some of the info related to the exposed information published by Twelve Security’s December 26 report. The company also said that the exposed database did contain customer emails and camera nicknames, WiFi SSIDs, and body metrics for a small number of product beta testers.
Source: https://www.bleepingcomputer.com/news/security/wyze-exposes-user-data-via-unsecured-elasticsearch-cluster/