Updated Official Statement

While I did see a report from someone in Romania, it seems that the GDPR actually makes a difference for European citizens. Another example would be the new terms WhatsApp pushed onto everybody: in the EU WhatsApp was forbidden to share data by GDPR regulation, so the new terms don’t have any significant impact for them.
Hopefully eufy does the same for European citizens: handle their data differently. Maybe that’s why ‘we’ didn’t get impacted.

4 Likes
  • No apologies
  • Encryption, should that not prevent this…
  • A “bug” without proper explanation.
  • This means all eufy/chinese government employees can see your live feed/recorded videos.
  • Affected MFA accounts as well.
  • Cloud still required… even if its “stored” locally.
  • Company not being transparent.
  • Deflecting all accusations. (not their fault)

Should have gone with another brand…

5 Likes

The fix to this is Eufy shutting down their end. NOT requiring that all users perform the suggested actions.

2 Likes

This is a completely unacceptable response… Not one email or communication or push notification to alert with these instructions… I got to read multiple articles letting me know, and that’s seriously messed up.

7 Likes

Just give me cameras with two-way audio and no need whatsoever for the Eufy app. I’ll do everything through HomeKit thank you very much.

4 Likes

@deelightandsound Rectifying the issue is key. BUT a mistake of this magnitude…an actual apology to those who were effected should have been included in their statement. Accountability and humility tells a lot about a company during difficult times.

Canned answers like theirs is a joke or was written from someone with a legal background, lol. No empathy what’s so ever. Very specific and factual. No concern to their customers whose privacy was effected. This will be a PR nightmare…and responses like these…I hope it hits them where it counts $$$

3 Likes

That was some bug :woman_shrugging: I had full access to another family’s cameras. Inside and outside their house. I can only hope that if someone had the same view of my place that they took privacy issues into account and weren’t “watching” us

1 Like

Other companies that have had a similar issue it was caused by an incorrect setting on the server not a bug, the setting allows the authentication to be stored so someone could open the app & the server thinks it’s still the previous person & gives access to their account

I can tell you that I was not impressed at 3am when the alarm went off & how it would let me log into my account

I think something along those lines occurred (not official information).
That’s why it’s not really needed to change login credentials because they would be compromised.
Usually tokens are generated for access or whatever, but if those tokens get shuffled and the server thinks everything is OK, this can happen.

Is this why I received an un-requested 2fa activation code at 5:30am EST, on May 17, 2021?

I have since changed my password etc… but have lost faith in the security of this system.

3 Likes

NO! Seriously…

Do not drink the kool-aid!

This is a total B.S. EXPLANATION and Eufy has not taken ANY responsibility, nor have they been absolutely TRANSPARENT with we (the end-users) who TRUST THEM WITH OUR SECURITY!

Please, don’t be so flippant and uninformed. You are only adding to the fundamental problem …THERE WAS A MASSIVE BREACH ON THEIR SERVERS…WORLDWIDE!

C’mon…this cannot be dismissed with such a ludicrous & preposterous tale!

5 Likes

Tbh it wasn’t as bad as a breach that releases email, password, payment & location details

It also wasn’t worldwide, looks to be 1 of 3 server locations that was affected

99% sure this was due to human error which can easily happen and even be missed by a secondary checker

Yes I think they could release more details on the issue & steps they are taking to stop something similar in future but I highly doubt that will happen unless you work for the Chinese government & demand the information

1 Like

Glad there was a quick turnaround. Still a rough situation that should have been impossible with a properly isolated and individually secured system (encryption unique to each user).

It is clear that your system is not intrinsically secure when something like this happens. Having faith that human errors will not be repeated is hard - having a system that won’t fail in this way in spite of any possible human errors would be much more reassuring, look forward to hearing how you can move in that direction.

I love how everyone is demanding and an apology from Eufy, but when something similar happened to Ring and it was exposed how easily they share the camera feed with others no one batted an eye and carried in like it was nothing. So when Ring got hacked it’s whatever, but Eufy has server issues yall are quick to jump down their throat

1 Like

So how do you go about “unplugging” a wireless device (both camera and home base) and reconnect?

2 Likes

React as fast a possible - check

Show any type of concern, remorse, sincerity - STILL WAITING

Being blasé about something like this is unacceptable.

This reminds me of the alarm installation company. They install your system throughout your house and in two weeks rob you since they know how to bypass the system. Only possessions weren’t stolen it was privacy.

A software BUG is a instance of mistyped code, fetch or something along those lines typically. How is this a bug when there had to have been several lines of code that were incorrect. How are there no safety nets when coding for eufy? Because this has to be a built in feature that accidentally went online which was only meant for “corporate.”

Anyone care to explain that?

1 Like

Eufy has had major issues with their security software for 2 years now. Eufy hardware is great but their software department group sucks. And this latest issue is yet more proof. To me it looks like rather than pay high salaries to attract pro software programmers with many years of experience, their software dept is populated with either self taught or out of college newbies… and clearly it shows…

3 Likes

@Tank I wouldn’t make the assumption that everyone let Ring off the hook for their own security issues. It was a massively publicized topic in the media and a BIG reason why I chose Eufy over a year ago!! A company that allows us to control our own videos on a secure homebase with a promise of privacy and security…broken promises so far.

I get that some users are protective of Eufy and/or don’t believe it’s that big of an issue. But many would disagree. However, at any point, for whatever reason…if an individual has their cameras accessible by another user because of a security breach or “bug”. That is a BIG problem. Period!!

For those of you who don’t think it’s an issue, PLEASE submit your email, password and remove 2FA in this chat so we can all log onto you cameras, check out your digs, rob your privacy, talk to your family, change your settings, record events…and so on. As far as I know, I wasn’t compromised. However, I feel for those who were…but the worst part is knowing I could be next.

The sad part is when all this came out, I wasn’t surprised by this incompetency given my experiences with them throughout this last year. Confidence in their “security” brand is no better than Ring anymore. Like @Harry123 mentioned…their software department is atrocious!! They need quality engineers who have experience. This is not where you try and save a buck.

11 Likes