Server upgrade bug allowed strangers to see videos from Eufy users

 


Owners of Anker's Eufy home security cameras in different countries sounded the alarm over a security issue that allowed strangers to see live and recorded camera feeds belonging to other Eufy customers.

The privacy breach was first reported on Reddit.

“Anyone else have this? I checked my app today (from New Zealand) and noticed none of the videos were of my own. They are from someone in another country (nice Mustang) - "Kangaroo Cam" alludes to being in Australia somewhere. I can also see their contact details (as added accounts). Is this a normal thing to be able to access anyone else's cameras?

I have 3 little children, I am very worried that others are looking at my cameras too. Huge Security Breach Eufy – WTF. EufyCam - I'm throwing mine in the bin, I suggest you do the same,” one user wrote.

Other users wrote they experienced the same problems.

“Turn off your home base!! Disable your cameras, remove them from sensitive locations. There seems to be a global issue where people have access into random people's home base settings, camera feeds and events. This is a huge f***k up... I currently have access to a random home base and camera feeds. I live in Australia and have the Eufy Cam Pro with the Home base 2,” one Eufy owner noted.

“A few hours ago I had access to somebody else’s camera. I’ve just reopened the app and it’s making me change my password, so Eufy is obviously aware and working behind the scenes,” another user wrote.

In a message on Twitter, Eufy explained that the issue was caused by a bug that occurred during a scheduled server upgrade, and that it was fixed within an hour after it was first noticed and reported.

In a statement, the company confirmed the issue affected users in multiple countries, including the US, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina.

Here’s the full statement:

“Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30 AM EST.

The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.

Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.

We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again.”
