A major privacy breach was discovered in Eufy security cameras that allowed one to view the live and recorded camera feeds of strangers. Eufy users also had complete access to the other person's account and could control their camera's pan and tilt positions.
The issue seems to have affected only a small portion of Eufy security camera users in New Zealand, Australia, the US, and a few other countries. Eufy customers in Europe were not affected by the breach.
Eufy Users Had Complete Control Over Other Customer Accounts
The privacy breach was first noticed by Eufy users on Reddit who, to their horror, saw camera feeds from strangers upon opening the Eufy security app on their phone. More worryingly, users reported having complete access to a stranger's Eufy account, including controlling their Eufy cameras, access to recorded footage, and even their address.
Eufy has already acknowledged the privacy breach saying it was caused by a "software bug" that occurred during a recent server update. The issue was discovered within an hour and fixed within a couple of hours.
Eufy recommends all users unplug and reconnect their security camera and then log out and log in again in the Eufy security app. The company's customer care will also reach out to affected customers.
Eufy says the privacy breach affected only 0.001% of its users in the US, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. It also clarified that Eufy baby monitors, smart locks, pet care products, and alarm systems were not affected by this security lapse.
Eufy issued the following statement to Android Police apologizing for the security breach:
We realize that as a security company we didn’t do good enough. We are sorry we fell short and are working on new security protocols and measures to make sure that this never happens again.
Eufy Security Camera Owners Are Angry
Going by the Reddit thread, Eufy security camera owners are angry and disappointed. Many have already removed their cameras following the privacy breach, while others who were within Amazon's 30-day return period have returned the camera for good.
Customers are also not happy with Eufy's apology and the company not revealing what actually went wrong that led to this privacy lapse. The company is simply putting the blame on a "software bug" in its statement.
Eufy is not the first company to face this issue. A similar incident occurred with Wyze's security cameras in 2019. Amazon's Ring security cameras were also hacked in late 2019, with the hackers shouting racist abuses and slangs on affected users and even taunting a child.