Two days after Eufy security-camera owners reported that they could see live and recorded video feeds from strangers' Eufy cameras, the company reached out with a more detailed explanation into what happened, how many people were affected, and what to do if you have a Eufy security camera.
Eufy security camera breach: What to do
If you own a Eufy security camera and want to continue using it, the company recommends the following:
1. Unlug and then reconnect the Eufy Home Security Base.
2. Log out of the Eufy security app, then log in again.
Eufy security camera breach: What happened
The issue was first reported by 9to5Mac (opens in new tab), which was able to replicate the issue. Mashable, using its own Eufy camera, was not able to view strangers' feeds. A Tom's Guide staff member based in the UK could not replicate the issue; nor could a Mashable (opens in new tab) reporter based in the U.S.
On the EufyCam Reddit (opens in new tab), one owner posted:
"I use Eufy to monitor my baby daughter's room. Tonight I logged into the app and instead have complete access to the security systems of someone in a different country. I can view streams from all of their cameras, turn lights on and off, and have access to the HomeBase settings. Their contact details including email addresses appear in my app. I try logging out and in again but it stays the same. The live chat function in the app just takes me through to a bot which isn't helpful, and it's night time here at the moment so I can't call Eufy."
In addition to security cameras, Eufy also make smart locks, smart lights, robot vacuums, video doorbells and a host of other, inexpensive smart-home equipment.
According to MacRumors (opens in new tab), the issue did not seem to be affect Eufy owners who have set their products up using Apple's HomeKit Secure Video, which stores its feeds in iCloud rather than Eufy's servers.
"During a software update performed on our server in the United States on May 17th at 4:50 AM EDT, a bug occurred affecting a limited number of users in the United States, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina," read a statement by Eufy on May 19. "Users in Europe and other regions remain unaffected. Our engineering team identified the issue at 5:30 AM EDT and immediately rolled back the server version and deployed an emergency update. The incident was fixed at 6:30 AM EDT. We have confirmed that a total of 712 users were affected in this case."
An earlier statement from Eufy on May 17 noted that the issue only affected security cameras, and not the company's baby monitors, smart locks, alarm system, and PetCare products. It also said that its customer service team would contact those who were affected.
Eufy stated that all videos are stored locally, and that all stored data and account information is encrypted.
In addition, Eufy said it was taking the following steps to avoid a similar incident:
For any questions, users can contact our support team at email@example.com (opens in new tab). "
This story was updated on May 19 to include additional comments from Eufy.