As we reported earlier today, a huge Eufy privacy breach allowed users to view the live and recorded camera feeds of strangers. Eufy has now responded to this security breach, bizarrely attributing it to a “bug” that has since been fixed.
In a thread on Twitter, Eufy wrote:
The company goes on to say that all users should “unplug then reconnect” their Eufy cameras and “log out of the Eufy app and log in again.” Doing this should ensure that you only have access to your camera feeds in the Eufy app.
A software bug occurred during our latest server upgrade at 4:50 AM EST today. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.
Eufy’s response is rightfully being criticized for not providing more details on what went wrong here. The company vaguely attributing this massive security issue to a “bug” does not help instill confidence in the platform going forward.
The company did provide some additional detail in a statement ot Macerkopf, saying that a server upgrade is what caused this issue and that it affected a “limited number” of users.
As we wrote this morning, this issue does not appear to have affected Eufy users who access the cameras exclusively with HomeKit Secure Video. If you have a HomeKit-enabled router, you can also restrict HomeKit accessories from accessing the internet at all.
Due to a software bug during our last server upgrade today at 4:50 AM EST, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our development team recognized this problem around 5:30 AM EST and was able to fix it quickly by 6:30 AM EST.
The problem affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.
Our customer center will continue to contact those affected. eufy baby monitors, eufy Smart Locks, eufy alarm systems and eufy PetCare products remain unaffected.
We realize that as a security company we didn’t do good enough. We are sorry we fell short and are working on new security protocols and measures to make sure that this never happens again.