They added some sort of caching that messed up when brought up and let users see other devices.
Seems like Problem 1 was with Wyze not handling disaster-recovery properly. Problem 2 is them not testing their new update and setting up proper access controls.
Problem 2 also shows they have no double checks on access to private video feeds. Mixing up what’s being requested at any step and not reverifying anywhere after that point just reveals fucking terrible security practices.
There are two events:
Seems like Problem 1 was with Wyze not handling disaster-recovery properly. Problem 2 is them not testing their new update and setting up proper access controls.
Trying to blame AWS on their own screwup is rich.
Problem 2 also shows they have no double checks on access to private video feeds. Mixing up what’s being requested at any step and not reverifying anywhere after that point just reveals fucking terrible security practices.