Eufy security cameras showing strangers' video feeds [update]

News
By published

A huge security and privacy breach

Eufycam
(Image credit: Eufy)

Two days after Eufy security-camera owners reported that they could see live and recorded video feeds from strangers' Eufy cameras, the company reached out with a more detailed explanation into what happened, how many people were affected, and what to do if you have a Eufy security camera.

Eufy security camera breach: What to do

If you own a Eufy security camera and want to continue using it, the company recommends the following:

1. Unlug and then reconnect the Eufy Home Security Base.

2. Log out of the Eufy security app, then log in again.

Eufy security camera breach: What happened

The issue was first reported by 9to5Mac, which was able to replicate the issue. Mashable, using its own Eufy camera, was not able to view strangers' feeds.  A Tom's Guide staff member based in the UK could not replicate the issue; nor could a Mashable reporter based in the U.S.

On the EufyCam Reddit, one owner posted:

"I use Eufy to monitor my baby daughter's room. Tonight I logged into the app and instead have complete access to the security systems of someone in a different country. I can view streams from all of their cameras, turn lights on and off, and have access to the HomeBase settings. Their contact details including email addresses appear in my app. I try logging out and in again but it stays the same. The live chat function in the app just takes me through to a bot which isn't helpful, and it's night time here at the moment so I can't call Eufy."

In addition to security cameras, Eufy also make smart locks, smart lights, robot vacuums, video doorbells and a host of other, inexpensive smart-home equipment.

According to MacRumors, the issue did not seem to be affect Eufy owners who have set their products up using Apple's HomeKit Secure Video, which stores its feeds in iCloud rather than Eufy's servers.

"During a software update performed on our server in the United States on May 17th at 4:50 AM EDT, a bug occurred affecting a limited number of users in the United States, Canada, Mexico, Cuba, New Zealand, Australia, and Argentina," read a statement by Eufy on May 19.  "Users in Europe and other regions remain unaffected. Our engineering team identified the issue at 5:30 AM EDT and immediately rolled back the server version and deployed an emergency update. The incident was fixed at 6:30 AM EDT. We have confirmed that a total of 712 users were affected in this case."

An earlier statement from Eufy on May 17 noted that the issue only affected security cameras, and not the company's baby monitors, smart locks, alarm system, and PetCare products. It also said that its customer service team would contact those who were affected.  

Eufy stated that all videos are stored locally, and that all stored data and account information is encrypted. 

In addition, Eufy said it was taking the following steps to avoid a similar incident:

For any questions, users can contact our support team at support@eufylife.com. "

This story was updated on May 19 to include additional comments from Eufy.

Mike Prospero
Mike Prospero
U.S. Editor-in-Chief, Tom's Guide

Michael A. Prospero is the U.S. Editor-in-Chief for Tom’s Guide. He oversees all evergreen content and oversees the Homes, Smart Home, and Fitness/Wearables categories for the site. In his spare time, he also tests out the latest drones, electric scooters, and smart home gadgets, such as video doorbells. Before his tenure at Tom's Guide, he was the Reviews Editor for Laptop Magazine, a reporter at Fast Company, the Times of Trenton, and, many eons back, an intern at George magazine. He received his undergraduate degree from Boston College, where he worked on the campus newspaper The Heights, and then attended the Columbia University school of Journalism. When he’s not testing out the latest running watch, electric scooter, or skiing or training for a marathon, he’s probably using the latest sous vide machine, smoker, or pizza oven, to the delight — or chagrin — of his family.