By 
Technology company Wyze has said a server leak has unearthed the details of nearly 2.4 million customers.
The leak happened after an internal database was unintentionally uncovered online, Wyze co-founder Dongsheng Song said.
Song said the uncovered database was not a production system; nevertheless, the server was storing valid user data. The Elasticsearch server, a technology for running super-fast search queries, was set up to help the company sift the massive amount of user data.
“To help manage the extremely fast growth of Wyze, we recently initiated a new internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc,” Song said.
“We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created. However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed. We are still looking into this event to figure out why and how this happened.”
The leaky server was revealed and recognized by cyber-security consulting firm Twelve Security and self-sufficiently confirmed by reporters from IPVM, a blog devoted to video surveillance products.
The Wyze executive expressed his displeasure with how the two parties, Twelve Security and IPVM, dealt with the data leak revelation, giving Wyze only 14 minutes to rectify the leak before going public with their results.
“We were first contacted through a support ticket at 9:21 a.m. on December 26 by a reporter at IPVM.com. The article was published almost immediately after (Published to Twitter at 9:35 a.m.). It was published in conjunction with a blog post from a private security company also published on December 26th. We were made aware of this article at ~10:00 a.m. from a community member who had read the article.”
