Skip to main content

Huge Eufy privacy breach shows live and recorded cam feeds to strangers [U: Statement]

Update: Eufy has acknowledged the issue, and made a statement – below.

A huge Eufy privacy breach has resulted in both live and recorded camera feeds being shown to complete strangers. They also have complete access to the account, including control of pan-and-tilt cameras where fitted.

The issue was first noted on Reddit, and an Eufy cam owner at 9to5Mac has been able to confirm that he saw the same thing …

Reddit user MeChum87 reported it.

Anyone else have this? I checked my app today (from New Zealand) and noticed none of the videos were of my own. They are from someone in another country (nice Mustang) – “Kangaroo Cam” alludes to being in Australia somewhere. I can also see their contact details (as added accounts) […]

I have 3 little children, I am very worried that others are looking at my cameras too. Huge Security Breach Eufy – WTF. EufyCam – I’m throwing mine in the bin, I suggest you do the same.

Others said they’d seen the same thing.

“Noticed that my home base was playing up with red light then nothing so I jumped into the app and had access to someone else’s doorbell.”

“I’m having the same issue. I could access everything on somebody else’s account, including the live feed and I was controlling their camera (pan, tilt, rotate). I was able to take video recordings, using the in-app record button, which saved to my phone […] The camera I had access to was in the Los Angeles time zone.”

“I have the Eufy camera pro 365 battery life Home bas 2. Im from Aus and i can see someone’s cameras from America.”

“I’m seeing someones camera from Florida at the moment and I’m from Australia. They have cameras inside their house and that is just creepy.”

“Yep, me too. I’m seeing someone elses camera’s. Live feed, history, events, the lot. Full access to the Homebase, settings, home network info.”

A 9to5Mac writer confirmed the issue.

Could see all details, recordings, live (edited). It was like I was logged in as the person.

Logging out and then in again restored access to his own cameras.

Many of the Reddit reports are from Australia and New Zealand, but that may simply be a time-zone issue. Certainly it is occurring in the US too, and some of the feeds accessed were in the US.

We’ve reached out to Eufy for comment and will update with any response. If you’re using HomeKit Secure Video, then your feeds and recordings should be safe, but a mess-up of this scale certainly raises questions about whether that protocol is being used. For now, the smart thing would be to disable all Eufy cameras.

Eufy said:

Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST. 

The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.

Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected. 

We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again. 
For any questions, users can contact our support team at support@eufylife.com.

Image: AutomateLife

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear