eufy Camera Live Feed Security Breach

Just a PSA. If you have any eufy cameras inside your home, especially around kids it is recommended that you disconnect it. They’re currently experiencing massive security breach related issues where users from around the world are able to see other cameras.

Confirmed by 9to5mac https://www.google.com.au/amp/s/9to5mac.com/2021/05/17/huge-...


Update: thanks to Applause.

Dear eufy Security Users:

A software bug occurred during our latest server upgrade at 4:50 AM EST today. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.

We recommend that all users:

Please unplug and then reconnect the device.
Log out of the eufy security app and log in again.
For any questions, users can contact our support team at [email protected].

https://communitysecurity.eufylife.com/t/statement-from-eufy...

Comments

  •  

    Thanks for letting us know
    I have the floodlight cam and just checked the app and everything is normal, nothing was touched and no unusual events.
    Should I worry about this affecting me?

    • +30 votes

      I checked your floodlight cam too. I can confirm it looks normal..

      •  

        Haha!

    • +1 vote

      I’m in the same boat. Mines were fine so I haven’t made any changes. Mind you, I don’t have any internal cameras so I’ve got nothing to hide regardless.

  •  

    Yeah my account was signed out on the app, had to log back in which I've never had to do before.

    I've unplugged my home base for now until it's resolved.

  •  

    I opened the app and it said my homebase is set up, but had no devices. I don't have a homebase…

    But then I clicked on devices and I could see my cam.

    I changed some settings on my device, then went back to my home screen and it it only shows my camera now.

    A bit of a worry!

    •  

      Other users have reported the same. Suspect Eufy is doing things in background to rectify.

  • +2 votes

    Mine seem ok, I only have outdoor cams thankfully.

  • +1 vote

    Whats the implication of this? Seems like pretty quiet on their front and doubt they would report it.

    So whats a consumers best course of action and is taking this back to the retailer and informing them of the issue an option?

    •  

      Good question. I’m sure the company have made it impossible to protect themselves from things like this.

  • +5 votes

    Someone in the comments has picked the likely issue. A backend server screw up.
    "Very much looks like that logged in users had some key stored locally and it got matched to different account. After logging out and back in they are issued new one and are back to their profile."

    Not a great look, but it happens to a lot of services and it's a pretty easy fix. I have these cameras but basically treat them as if they're always broadcasting on the public internet as a matter of course. No camera that's easily internet accessible is immune to this sort of issue.

  •  

    Agreed. No response by Eufy which is disappointing.

    I wouldn’t be surprised if this is a simple upgrade and caching issue that’s caused it. Though it would of been ideal if EUFY addressed it immediately. On the other hand even if it was a breach, companies are prone to it no matter what size. We’ll have to wait and see.

    Personally I don’t have any internal cameras so I’m not too fussed but do feel for those that may have cameras inside the home.

  • +4 votes

    Eufy made a short comment about the incident on their community platform. https://communitysecurity.eufylife.com/t/statement-from-eufy...

    Dear eufy Security Users:

    A software bug occurred during our latest server upgrade at 4:50 AM EST today. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.

    We recommend that all users:

    Please unplug and then reconnect the device.
    Log out of the eufy security app and log in again.
    For any questions, users can contact our support team at [email protected].

    • +5 votes

      I feel that statement is just not good enough for the sort of incident that happened.

      • +2 votes

        Reminded me of shopback lol

        • +4 votes

          No, Shopback are all good now. They are offing a lottery for random gift cards… and there was that $3 “we’re sorry” voucher that fixed everything…

          • +2 votes

            @pegaxs: Pretty sure it's a lottery every time you try and make an unpaid cashback claim.

          • +1 vote

            @pegaxs: I am still getting scam calls from no caller IDs to this day, all of which started after the SB hack.

  • +3 votes

    Yea i realised this issue last night, on my partners device we are conencted to someone in USA….

  •  

    I lost my cameras last night. App only showed the homebase, had to reconnect the cameras as if starting from scratch.

  •  

    Had login issues over the last week, had 'unable to connect to application server' errors for days but my partner could login fine… I wonder if its related? Could only login properly yesterday…

  •  

    FYI anyone who has purchased this system previously and no longer want it due to the breach. I quoted the consumer laws to the retailer (JB) i made the purchase from and they initiated a refund.

    I basically quote that the product no longer met "are of acceptable quality – the goods must be safe, lasting, have no faults, look acceptable and do all the things someone would normally expect them to do"