Owners of Eufy security cameras have found themselves able to see live and recorded video of other, random users, in a huge privacy breach affecting the Anker company. Owners of the affordable cameras began reporting the issue earlier today, with access to other users’ cameras – including pan & tilt control on certain models – elsewhere in the world.
Eufy offers a wide range of models, designed for both indoor and outdoor use, along with video doorbells, baby monitors, and floodlight cameras for exterior security. Some cameras support remote pan & tilt functionality, where the lens can be moved to look around the room from the Eufy app.
However when multiple owners tried to view their cameras earlier today, they realized they weren’t in fact seeing their own feeds. Instead, they had access to what appeared to be both live and cloud-based saved clips from random users elsewhere in the world. Others could see the list of alerts that cameras had generated over the past day or so.
Owners on Reddit confirmed the problem, as did at least one camera owner at 9to5Mac. While the exact functionality appears to be different in some cases, some users were able to remotely capture video recordings and save them to their own phones from the randomized feeds. Others reported being able to access the Eufy settings on the remote systems, including home network information.
It’s a huge concern for those who have bought into Eufy’s ecosystem of products, particularly among those who have installed cameras inside the home or to monitor their children. Concerned Eufy users found that logging out of their account and then back in again, plus power cycling the home base, was sufficient to restore access to their own system. However, others have simply unplugged their cameras altogether, which seems like a fairly wise reaction.
Security breaches and privacy lapses aren’t uncommon at this point in time, but the impact is always more significant when it’s a home security company like Eufy which is impacted. Wyze, another low-cost camera and smart home tech provider, experienced a huge database breach in late 2019, for example, though that didn’t see people able to access other users’ accounts in the same way as this Eufy issue.
Eufy is yet to comment officially on the problem today. According to a message shared in the official Eufy forum, purportedly from the company’s support team, “the issue was due to a bug in one of our servers” which “was quickly resolved by our engineering team.” Even if that’s authentic, whether it’ll be enough to reassure the company’s customers remains to be seen.