Last night, a number of Eufy home security camera owners discovered they were able to access smart camera feeds and saved videos from users they had never met, due to an apparent security glitch. First reported by 9to5Mac, the issue came to light in an extended Reddit thread, in which users from around the world detailed their experiences.
“Basically I could see every camera, their front door and backdoor bells, master bedroom, living room, garage, kitchen, their motion recordings, everything,” one Eufy owner noted. “I was wondering what was going on as it still had my email and name as signed in and noticed that some unknown email, I’m guessing of the Hawaii owner, was in my shared guest account.”
Some reported that signing out of their account and signing back in resolved the behavior; by now, whatever problem caused the behavior appears to have been fixed. Still, many users are left concerned that their own cameras and feeds might have been exposed without their knowledge.
“For a security product to become completely unsecure, it’s pretty worrying,” the users continued.
Eufy did not respond to a request for comment from The Verge, but told Android Police that the problem lasted only an hour and did not affect baby monitor products. On Reddit, users higlighted a message sent to customers attributing the issue to a server error:
The issue was due to a bug in one of our servers. This was quickly resolved by our engineering team and our customer service team will continue to assist those affected. We recommend all users to:
1.Please unplug and then reconnect the home base.
2.Log out of the eufy security app and log in again.
Contact firstname.lastname@example.org for enquiries.
There’s no indication that specific individuals were targeted as part of the bug, but it’s still a troubling behavior for a service that often monitors private homes. Eufy also makes an Echo Dot-style voice assistant called the Genie, although Genie products appear to have been unaffected by the bug.
Update 1:54PM ET: Added Eufy statement to Android Police.