For the dutch readers: https://www.rtlnieuws.nl/tech/artikel/5231552/eufy-cameras-beveiligingscameras-slimme-videodeurbellen-privacy-lek
If they really care about their customers they would update their response here to reflect that humility they expressed to Engadget to their customers. Apologizing to the press means nothing if it’s not communicated directly to your customer. Let’s hope that when you know better, you do better because this may not be the last time they have to make an apology. Time will tell. To be continued…
@richardweijens volgens Engadget trof het geen Europese gebruikers - zie link boven - en we zijn gespaard gebleven.
While I did see a report from someone in Romania, it seems that the GDPR actually makes a difference for European citizens. Another example would be the new terms WhatsApp pushed onto everybody: in the EU WhatsApp was forbidden to share data by GDPR regulation, so the new terms don’t have any significant impact for them.
Hopefully eufy does the same for European citizens: handle their data differently. Maybe that’s why ‘we’ didn’t get impacted.
- No apologies
- Encryption, should that not prevent this…
- A “bug” without proper explanation.
- This means all eufy/chinese government employees can see your live feed/recorded videos.
- Affected MFA accounts as well.
- Cloud still required… even if its “stored” locally.
- Company not being transparent.
- Deflecting all accusations. (not their fault)
Should have gone with another brand…
The fix to this is Eufy shutting down their end. NOT requiring that all users perform the suggested actions.
This is a completely unacceptable response… Not one email or communication or push notification to alert with these instructions… I got to read multiple articles letting me know, and that’s seriously messed up.
Just give me cameras with two-way audio and no need whatsoever for the Eufy app. I’ll do everything through HomeKit thank you very much.
@deelightandsound Rectifying the issue is key. BUT a mistake of this magnitude…an actual apology to those who were effected should have been included in their statement. Accountability and humility tells a lot about a company during difficult times.
Canned answers like theirs is a joke or was written from someone with a legal background, lol. No empathy what’s so ever. Very specific and factual. No concern to their customers whose privacy was effected. This will be a PR nightmare…and responses like these…I hope it hits them where it counts $$$
That was some bug I had full access to another family’s cameras. Inside and outside their house. I can only hope that if someone had the same view of my place that they took privacy issues into account and weren’t “watching” us
Other companies that have had a similar issue it was caused by an incorrect setting on the server not a bug, the setting allows the authentication to be stored so someone could open the app & the server thinks it’s still the previous person & gives access to their account
I can tell you that I was not impressed at 3am when the alarm went off & how it would let me log into my account
I think something along those lines occurred (not official information).
That’s why it’s not really needed to change login credentials because they would be compromised.
Usually tokens are generated for access or whatever, but if those tokens get shuffled and the server thinks everything is OK, this can happen.
Is this why I received an un-requested 2fa activation code at 5:30am EST, on May 17, 2021?
I have since changed my password etc… but have lost faith in the security of this system.
Do not drink the kool-aid!
This is a total B.S. EXPLANATION and Eufy has not taken ANY responsibility, nor have they been absolutely TRANSPARENT with we (the end-users) who TRUST THEM WITH OUR SECURITY!
Please, don’t be so flippant and uninformed. You are only adding to the fundamental problem …THERE WAS A MASSIVE BREACH ON THEIR SERVERS…WORLDWIDE!
C’mon…this cannot be dismissed with such a ludicrous & preposterous tale!
Tbh it wasn’t as bad as a breach that releases email, password, payment & location details
It also wasn’t worldwide, looks to be 1 of 3 server locations that was affected
99% sure this was due to human error which can easily happen and even be missed by a secondary checker
Yes I think they could release more details on the issue & steps they are taking to stop something similar in future but I highly doubt that will happen unless you work for the Chinese government & demand the information
Glad there was a quick turnaround. Still a rough situation that should have been impossible with a properly isolated and individually secured system (encryption unique to each user).
It is clear that your system is not intrinsically secure when something like this happens. Having faith that human errors will not be repeated is hard - having a system that won’t fail in this way in spite of any possible human errors would be much more reassuring, look forward to hearing how you can move in that direction.
I love how everyone is demanding and an apology from Eufy, but when something similar happened to Ring and it was exposed how easily they share the camera feed with others no one batted an eye and carried in like it was nothing. So when Ring got hacked it’s whatever, but Eufy has server issues yall are quick to jump down their throat
So how do you go about “unplugging” a wireless device (both camera and home base) and reconnect?
React as fast a possible - check
Show any type of concern, remorse, sincerity - STILL WAITING
Being blasé about something like this is unacceptable.
This reminds me of the alarm installation company. They install your system throughout your house and in two weeks rob you since they know how to bypass the system. Only possessions weren’t stolen it was privacy.
A software BUG is a instance of mistyped code, fetch or something along those lines typically. How is this a bug when there had to have been several lines of code that were incorrect. How are there no safety nets when coding for eufy? Because this has to be a built in feature that accidentally went online which was only meant for “corporate.”
Anyone care to explain that?