The implications of this, are quite terrifying

Hate to see this…especially given that it’s OUT THERE IN THE WILD so folks are bound to see a significantly ramped up attempt at compromising their camera feeds!

SIDENOTE:
just moments ago, after providing feedback to Eufy regarding their 3 options for the new security homepage, I opened my local weather app and after a few minutes, went back to the Eufy app–didn’t relaunch it, just went into my RECENT APPS LIST & tapped on it expecting it to open directly. Instead, I was met with the LOGIN SCREEN and was forced to provide my password to get back into the app. Weird.

If EUFY had FORCED users to log back in…you’d think they’d ALSO FORCE EVERY USER TO REGISTER A NEW PASSWORD UPON LOGIN!

The way they handle (or DON’T handle) security is beginning to REALLY tick me off!

1 Like

Did you have mfa on

When I relaunched the app around 8:30 my Face ID came up. I’ve been on this since around 4:00am. It took me a minute to realize what was going on when my cameras were not on my app and someone’s doorbell was on it. I unplugged the base, logged out, changed my password an cleared my local storage.

https://www.ozbargain.com.au/node/623785

1 Like

STRIP TEASE!: I’m doing a striptease in front of my 7 brand new Eufy cams right now. It’s exhilarating knowing I might have an audience. If you are watching, please yell words of encouragement over the speaker!

EUFY STAFF - If you are playing along at home, please enjoy the show, but I’d also suggest you do some direct comms to end users via the app and a media release (even if you haven’t got to the bottom of what went wrong yet - remaining silent in a crisis is never good for PR and consumer confidence). Also, in addition to the amazing discounts you will be offering at tax time to try to restore confidence and attract new users…I think it’d be a nice gesture if you offered your existing user-base a very special “sorry we broke your trust” price on some of your new 2k cameras. I know my new Strip tease audience would appreciate the extra resolution!

5 Likes

Same. Australia here and just saw a family from Hawaii.
It looks rectified now but maybe delete any cloud or base station motion recordings also as they can be accessed. We weren’t sure if it went into some store demo mode at first or what was going on. Having a look about I released I had everything in my control. Camera on/off, viewing, alarms, door bells, tilt, their email address, timezone and location along with their auto motion recordings.
Pretty worrying stuff. May look into another system as a replacement I think.

1 Like

Too little too late! Privacy & Security was totally breached, I have 11 Eufy devices & have had to go through & check every single setting & automation on each & every device!

4 Likes

I was on my way to bed at 7:30pm when I checked my cameras & realised I had complete control of someone else’s Eufy Security Camera System 15,000 kilometres away as well as their account & recordings. I’ve just finished checking all of my 11 Eufy devices settings & it’s now almost 5 hours later, so thank you Eufy for your all too little too late cut & paste, explanation. Pfft

4 Likes

Got this …

Message from eufy by eufy_Official

Dear user,

The issue was due to a bug in one of our servers.
This was quickly resolved by our engineering team and our customer service team will continue to assist those affected.

We recommend all users to:
1.Please unplug and then reconnect the home base.
2.Log out of the eufy security app and log in again.

Contact support@eufylife.com for enquiries.

1 Like

Why is no one responding? I can’t see anyone else’s feed but how do I know if anyone else can see my feeds? What sort of compensation is going to be offered for this?

1 Like

Who is to say it was even Eufy in control of the app requesting your old password and a new one, the asking for Face ID? All my CRAP is unplugged or turned off.

Eufy, answer this? How does the community trust anything you say or do going forward? There still isn’t any acknowledgment that I’ve seen except for a “reset your password.” Maybe the word SECURITY shouldn’t be attached to any of your products.

OWN YOUR MISTAKES!!!

4 Likes

I wasn’t able to see other user’s devices here in the UK but who knows if anyone had access to mine. For now, all eufy devices remain unplugged and turned off.

Sent an email over to support asking for more info seeing as we aren’t getting anything publicly.

It’s beyond a joke that there are no Eufy reps on here keeping us updated.

1 Like

@Yanyee1 any information you can give us?

This is possibly one way to hold them accountable in the US. File a complaint for potential investigation. https://www.ic3.gov/Home/FileComplaint

Outside of US if you are protected by GDPR, consider seek help from that route.

2 Likes

Here’s an alternative to the indoor cams with two way audio
Aqara HomeKit Secure Video Indoor Camera, Night Vision, Two-Way Audio, 1080P HD Plug-in Indoor Camera, Family-Friendly Video Surveillance System, Smart Home Bridge for Alarm System https://smile.amazon.com/dp/B08F2DBP3Y/ref=cm_sw_r_cp_api_glt_fabc_V8WAMZDGGCDVQNFAGBRQ?_encoding=UTF8&psc=1

This is pretty scary for sure. When I was on my app earlier today I only saw my own cameras. Both my cameras are outside and not showing anything that you can’t see from Google Earth. My cameras are still in the return window. If I saw someone else’s cameras or thought for one minute that someone was seeing mine I’d send them back. Eufy not responding on their own forum doesn’t do much for customer confidence.

The people seeing other’s cameras are you on the Eufy cloud?

1 Like

I (thankfully) have not had any of the issues that others have had today regarding their cameras. The only cameras that were listed in my app were mine and I did not see anyone else’s. However, that does not give me confidence that others could not see my camera feeds.

The lack of acknowledgement from Eufy is astonishing and is making me rethink using their products. The most annoying thing about all of this, aside from the massive security breach and loss of confidence, is the fact that I’m going on vacation in two weeks and was counting on Eufy keeping an eye on my apartment.

2 Likes

Can you share the source of this official statement - a URL?

I turned all mine off.

Setup a group on my router to block internet for all Eufy devices, powered devices back up, they all get an IP address but ALL are dead.

So it appears despite recording locally every camera, doorbell and HomeBase has a critical dependency to be able to have unfettered access to the internet or they are just paperweights.

So can’t power them up or risk compromise, and can’t block unneeded internet access because they are all useless unless that can call home.

2 Likes

Statement from eufy Security - News - Eufy Security Collective (eufylife.com)