A bug let Eufy security camera owners access strangers' feeds

·Associate Editor
·1 min read

Owners of Anker's Eufy security cameras are running into a serious privacy bug. As 9to5Mac reports, users on Anker's forums and Reddit have found themselves suddenly accessing others' camera feeds, including recordings and even account details. Logging out and in again appears to resolve the issue (as does using HomeKit Secure Video), but this clearly raises concerns that a not-so-scrupulous user might spy on someone else.

Anker confirmed the issue happened in multiple countries and that it was fixed about one hour after it was recognized. The company says a software bug during a server upgrade was the reason, though it didn't offer more details. "We realize that as a security company we didn’t do good enough," the company writes while promising to upgrade security measures so this doesn't happen again.

Here's the company's following statement: 

"Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.

The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.

Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.

We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again."

Update, 1:30PM ET: Added Anker's statement and details on the security issue.