Eufy has put out a statement apologizing for a glitch that occurred two days ago, allowing some Eufy home security camera users to see video from other users’ homes. The statement explains that it happened during a software update, but the company claims it only affected a small number of users: just 712 people across the US, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina. Eufy says that the issue was fixed with an emergency update less than two hours after it was identified.
In a statement to The Verge, Eufy confirmed that “users were able to access video feeds from other users’ cameras.” However, in its official statement posted to Twitter (which can be viewed in full below), Eufy doesn’t explain what the bug actually was. It does say it’s working to keep this from happening again in the future, by upgrading its network and the authentication mechanisms between the cameras, servers, and app.
The initial reports of the bug came from Reddit, with users reporting that they were able to see and control the live feeds from all the Eufy cameras in someone else’s home, as well as see any previously recorded footage and the other user’s email address.
Eufy suggests that that users in the affected countries (listed above) should unplug then replug their security home base, then log out of the Eufy security app before logging back in.
The full statement is below:
During a software update performed on our server in the United States on May 17th at 4:50 AM EDT, a bug occurred affecting a limited number of users in the United States, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina. Users in Europe and other regions remain unaffected. Our engineering team identified the issue at 5:30 AM EDT and immediately rolled back the server version and deployed an emergency update. The incident was fixed at 6:30 AM EDT. We have confirmed that a total of 712 users were affected in this case.
Although the issue has been resolved, we recommend users in the affected countries (US, Canada, Mexico, Argentina, New Zealand, Australia, and Cuba) to:
- Please unplug and then reconnect the eufy security home base.
- Log out of the eufy security app and log in again.
All of our user video data is stored locally on the users’ devices. As a service provider, eufy provides account management, device management, and remote P2P access for users through AWS servers. All stored data and account information is encrypted.
In order to avoid this happening in the future, we are taking the following steps:
- We are upgrading our network architecture and strengthening our two-way authentication mechanism between the servers, devices, and the eufy Security app.
- We are upgrading our servers to improve their processing capacity in order to eliminate potential risks.
- We are also in the process of obtaining the TUV and BSI Privacy Information Management System (PIMS) certifications which will further improve our product security.
We understand that we need to build trust again with our customers. Thank you for trusting us with your security and our team is available 24/7 at email@example.com and Mon-Fri 9AM-5PM (PT) through our online chat on eufylife.com.