A misconfiguration issue in the software used by the Eufy video camera exposed private information and video streams of customers.
Chinese electronics vendor Anker has recently addressed a bug that mistakenly exposed private information and video streams of customers using its Eufy video cameras.
The issue was caused by a misconfiguration, but the vendor told TheRecord media that it learned of the problem 40 minutes after it took place quickly addressed it.
Some users reported that once signed into their accounts, they were able to access the live feeds of other users’ Eufy security cameras and recorded video. The users also reported they were able to control others’ cameras.
“I have no idea what happened but out of nowhere I was given a completely different feed of someone else’s doorbell and security cameras,” reported the Reddit user, u/cosmik_gg. “I realized oh crap this is someone else’s account, it showed a woman walking through her garage,”“I immediately freaked out, took screenshots of the app so I could prove what was happening and then deleted it, and disconnected all Eufy products across my house.”
The problem was solved in a couple of hours, but many users claimed to have access to someone else’s camera feeds, for this reason, the vendor recommended to unplug and reconnect their devices and log out of the Eufy security app and log in again.
However, the incident has an important impact on the company’s reputation, many users accused the vendor to hasn’t promptly notified the issue to the impacted users.
Owners of Eufy cameras are recommended to perform the following actions to definitively fix the issue:
- Please unplug and then reconnect the device.
- Log out of the eufy security app and log in again.
(SecurityAffairs – hacking, Eufy video camera)