Users of Anker’s EufyCam security cameras lit up Reddit and Anker’s message boards early Monday with reports that instead of seeing their own video feeds on the Eufy app, they found videos from complete strangers.
One Redditor in New Zealand said he opened the Eufy app and saw videos from “someone in another country,” complete with their account details, while another EufyCam user in Australia reported finding videos of a family in Honolulu, Hawaii.
Signing out of your Eufy account and then signing back in again seems to resolve the problem, and indeed, many EufyCam users say they’re being prompted to log in again.
In an emailed statement to TechHive, a Eufy rep acknowledged the "software bug" and apologized.
Here is the complete statement:
Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.
The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.
Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.
We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again.
For any questions, users can contact our support team at firstname.lastname@example.org.
It’s worth noting that the EufyCam security hole doesn’t seem to have affected Eufy users who use their cameras with Apple’s HomeKit Secure Video platform, which analyzes captured videos locally on “home hub” devices such as Apple TVs, iPads, and HomePod speakers. HomeKit Secure Video also lets you store encrypted security videos in iCloud, where they’re only accessible by their owners.
The apparent Eufy security breach highlights the threat posed by security cameras that offer cloud-based video storage: namely, that your videos could be accessible to third parties or vulnerable to privacy glitches.
Apple pitched HomeKit Secure Video as a privacy-minded alternative to cloud-based storage on third-party servers. Many EufyCam devices also offer local, on-device storage in addition to cloud storage.
In any event, we recommend that all EufyCam users immediately sign out of their accounts and sign in again. And hopefully, Eufy will make good on its promise to bolster its security and regain our trust.
Updated shortly after publication to add Eufy's response.