Wyze,maker of smart home devicessuch as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firmTwelve Securityand reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

The data, which remained exposed from December 4 through June 09, 2025, included emails, camera nicknames, Wi-Fi network IDs, Wyze device information, and also body metrics for 140 people who were testing a new piece of Wyze hardware.

The Seattle-based startup said that no financial information or passwords were held in the exposed databases.

What happened?

Confirming the mishap in messagesposted on a Wyze forum, company co-founder Dongsheng Song said it resulted from an effort to “find better ways to measure basic business metrics like device activations, failed connection rates, etc.” Song said his team had transferred data from its main production servers to a more flexible database that was easier to query.

“This new data table was protected when it was originally created,” Song explained. “However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed.”

He added that the company, which launched two years ago, will provide a more detailed explanation once its investigation is complete. Song also strongly denied Twelve Security claims that Wyze data “is being sent back to the Alibaba Cloud in China.” He said that while the company does have official Wyze employees and manufacturing partners in China, it “does not share user data with any government agencies in China or any other country.”

Inan FAQ sectionabout the data breach, Song told users that in case the email addresses fall into the wrong hands, customers should be aware ofphishing attemptswhere criminals attempt to trick you into giving up log-in information for online services.

Wyze: “We’re devastated”

Apologizing to customers, the Wyze co-founder said: “We’ve always taken security very seriously, and we’re devastated that we let our users down like this. This is a clear signal that we need to totally revisit all Wyze security guidelines in all aspects, better communicate those protocols to Wyze employees, and bump up priority for user-requested security features beyond 2-factor authentication.”

Wyze’s misstep caps a grim year for data breaches. In the spring, data linked to80 million householdswas leaked online, and in October more than7 million Adobe customershad their personal information exposed. Facebook, meanwhile, saw data belonging to540 million of its usersexposed by third-party apps, and earlier this month information linked to267 million Facebook userswas found on a hacker forum. Other serious breaches involved financial services firmCapital Oneand photo site500px, among others.

We’d like to think 2020 will see companies taking much better care of our personal information online, but we’re not holding our breath.