A ‘software bug’ was to blame for camera owners being shown live and recorded feeds of strangers’ homes
It’s been revealed that Eufy was subject to a huge privacy breach as users across Australia and New Zealand began to report seeing other people’s home security camera feeds in their apps.
Not only this, but they were able to access older videos and even control the movement of cameras in strangers’ homes.
The idea of being spied on in our own homes is a perennially chilling one, which is why when we install security cameras to protect against break-ins, we’re placing a huge amount of trust in the companies who control those cameras.
It’s a shame because cameras such as the Eufy 2K and the Eufy Indoor Cam have impressed us greatly in our reviews and the Chinese company makes some of the best budget security cameras on the market.
The breach was first mentioned on Reddit, where user MeChum87 said:
“Anyone else have this?
I checked my app today (from New Zealand) and noticed none of the videos were of my own.
They are from someone in another country (nice Mustang) – “Kangaroo Cam” alludes to being in Australia somewhere.
I can also see their contact details (as added accounts)
Is this a normal thing to be able to access anyone else’s cameras?
I have 3 little children, I am very worried that others are looking at my cameras too.
Huge Security Breach Eufy – WTF
EufyCam – I’m throwing mine in the bin, I suggest you do the same.”
Other users and reporters on various news sites confirmed similar stories, including being able to save video to their phones and access settings and home network information.
Anker-owned Eufy has since confirmed the incident, which it says is now resolved.
“Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.
“The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.
“Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.
“We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again.”
It’s a worrying and not unprecedented scenario, reminding us of just how much faith we’re putting in protocols when we allow videos of our homes to be streamed or uploaded.
Mopping up: Eufy Robovac X8 Hybrid review
Redditors made a variety of suggestions from disabling microphones to only turning on cameras when you’re out of the house. How confident you feel is up to you, but they’re certainly options to consider – particularly if you have a Eufy set-up.
This cross streaming of security camera footage isn’t the first time we’ve come across this sort of breach either.
Back in 2019, Google had to roll out a patch for Nest Cam software to prevent an issue whereby footage from a previously linked camera could still be viewed – even when the camera itself was removed from a Nest account.