A botched server upgrade exposed Eufy video camera feeds to random users
Catalin Cimpanu May 17, 2021

A botched server upgrade exposed Eufy video camera feeds to random users

A botched server upgrade exposed Eufy video camera feeds to random users

Chinese electronics company Anker has patched a bug today that mistakenly connected users of its Eufy security cameras with video streams of random accounts from across the world.

In a statement, an Anker spokesperson told The Record that the issue occurred due to a software bug that happened during a planned server upgrade that took place earlier today.

The company said it learned of the issue 40 minutes after it took place and fixed it after another hour.

However, although the incident was fixed within two hours, the issue lingered throughout the day, as Eufy camera users remained trapped in already-established sessions and viewing someone else’s camera feeds.

As a result, the incident has caused mass panic among the company’s userbase. Throughout today, the company has faced a wave of criticism and huge backlash from its users, who felt their privacy was violated, as random individuals could watch video streams from inside their homes and of their family during private moments.

Making matters worse, the “intruders” could also control their cameras to pan and zoom at will, and also view their account’s data and get a user’s real name, home location, and other details that some felt could be used for threatening and extorting device owners.

“I have 3 little children. I am very worried that others are looking at my cameras too,” said a user today on Eufy’s Reddit channel, where tens of users congregated to complain about the company’s security breach.

Eufy-Reddit

As a result of the bug, users have been telling each other to turn off their Eufy cameras to prevent unauthorized access and recording of their homes and family.

But in an email sent to The Record, the company said that this is not necessary anymore. With the issue fixed, Anker wants Eufy camera owners to perform two steps that will re-establish their mobile app’s connection to the correct device:

We recommend that all users:

  1. Please unplug and then reconnect the device.
  2. Log out of the eufy security app and log in again.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.