The implications of this are quite terrifying

My 7 Eufy Cameras, 2 Eufy Entry Sensors & 3 Home Bases are now GONE from my Eufy App & instead, despite being signed into my ACCOUNT, I now have & am in CONTROL OF SOMEONE ELSE’S CAMERAS & HOME BASE IN ANOTHER COUNTRY! WTF EUFY?

13 Likes

Have the same thing here. Can see multiple other cameras around the world, including inside people’s houses.

3 Likes

WOW, what a total Security Breach! (that’s why I never put these things inside my house)

4 Likes

Happened to us but the reverse, a lady was talking to us through our own cameras from a complete other area of the world. What the heck is going on??? Any comment from Eufy on this? Are accounts not secured?

4 Likes

This exact thing has just happened to us, there is a lady talking to us through our cameras.

1 Like

Same thing happened here, y’all should consider changing your password, log off and then log back in. Eufy team you need to look into this and let us know what happened?

2 Likes

Multiple reports of the same thing on the “Eufy Security Camera Owners” FB group as well.

2 Likes

Same thing happened to me, I lost all my cameras but had control over someone else’s even though I was logged in to my account. I deleted the Eufy app and reinstalled it and that solved the problem but this needs urgent attention!

2 Likes

Same here… had a view of a fancy pool.
Very disturbing though.

1 Like

HELLO @EUFY

IS ANYONE THERE LISTENING TO THIS THREAD???

Seriously, the lack of IMMEDIATE RESPONSE FROM @EUFY to this frightening and frankly UNACCEPTABLE BREACH OF SECURITY (and trust) is beyond worrisome!

This sort of thing is NOT the news Eufy wants hitting Twitter, or other social media. …much less the tech pages and vlogs of security, IoT and other technology based sites, digital magazines & the like.

This news could seriously do the Eufy brand in once it got out into the ether…

What gives???

10 Likes

The best I could get from Eufy was an automatic email reply saying it may take 24 hours to reply LOL

That’s shameful.
This is blowing up in multiple threads across the community.

I believe this is a major breach in Eufy’s CLOUD storage solution! It’s why I’ve been begging them to allow me to CHOOSE MY OWN CLOUD PROVIDER…I would use pCloud or Mega over the Eufy-provided service–especially given this nightmare!

Can you confirm whether you’re using LOCAL micro SD card OR your own NAS, or are you configured to use their Cloud service to upload & retrieve your security footage?? I’m glad this gremlin hasn’t struck my setup. Hopefully my lack of faith in the Eufy Cloud solution was WISE and fortuitous after all.

2 Likes

This forum may not be the best way to get their attention, maybe try posting on Social media with the hashtag #eufycambreach?

2 Likes

Yep I just logged on to check my cams and instead I was treated to someone else’s cams I believe to be in eastern USA according to the timezone (I’m in Australia). I was able to pan and tilt, activate alarms, speak and listen and record video and take screenshots. Question is who was looking at my cams?

4 Likes

Yeah it appears Eufy’s servers have been breached & compromised.

No, I do not use cloud storage for anything, let alone Chinese cameras; it’s stored locally on the Home Bases & cameras, not that that turned out to be safe.

2 Likes

Don’t worry, I have made every major news outlet aware of this in Australia…This is a massive breach of consumer trust for a company built upon their reputation for security… Heaven help them if a home invasion is attributed to someone’s Eufy door lock being disabled from the other side of the world… I had vision of a person in the USA - quite obviously early AM there leaving people sooooo very exposed.

6 Likes

It amazes me how people don’t realize this exact scenario is likely when installing these things. NOTHING is safe or unhackable. We should all realize this going on and take appropriate measures…

4 Likes

Already in some online newsfeeds:

2 Likes

Has this happened to anyone in the UK yet?

The problem is… for those (unlike myself) who do NOT faithfully follow Edward Snowden, William Binney, Thomas Drake, Mark Klein, et al, and who aren’t normally engrossed in CYBER NEWS and feast routinely on latest info regarding security breaches, hacks, malware campaigns, zero-day exploits and more; such as would be found here:
https://www.csiac.org/resources/cybersecurity-related-websites/

…and/or those who don’t maintain e-mail subs to the following 15 sites as listed here:

…I’m not sure what you mean by “APPROPRIATE MEASURES.”

No offense, but I’d really like to see you expound a bit further on this topic because I’m certainly curious and I’m positive there are a good many others in the community that would benefit from such wisdom!

I maintain a very tightly controlled mesh network that in fact has two entirely separate wireless radio instantiations for both 2.4GHz & 5GHz bands so that my SSID / keys for all of the mobile devices & PCs within my home are kept PHYSICALLY & ELECTRONICALLY separated from the SSID & passphrase for all of the IoT devices, Smart Devices (TVs, Roku, Nest, Google Mini, SmartThings, Hue, my Habitat, et al)–this includes my Eufy cameras & doorbell.

My reasoning / logic for this is straightforward as can be: IoT devices with their INHERENTLY POOR QUALITY FIRMWARE, WHICH IS RARELY IF EVER PATCHED are notoriously ripe for hacking, attacking, re-appropriating as in zombie in a botnet / DDoS and of course using as a backdoor of sorts to work one’s way back through the compromised device into the network / router and laterally throughout prized devices like PCs, smartphones and anything with banking info etc.

BY KEEPING ALL IoT devices on their own set of wireless radios with robust firewall & logging OFF OF MY main gateway & subnet, it is the one practical way that I have found to take “APPROPRIATE MEASURES,” as you say.
Granted, I’d love to have my own RADIUS SERVER FOR KEY MANAGEMENT…but that’s not practical at this stage. (Although, with the current state of affairs with WPA2 AND WPA3 both being compromised and remaining NOT fully patched to date–the RADIUS server is looking & feeling like a much more reasonable investment).

Anyone else in the community / thread with wisdom and/or advice along these lines…PLEASE DON’T HESITATE TO SHARE. It’s obvious that right now…WE NEED IT (thanks in no small part to @Eufy apparently being breached)!

1 Like
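
The segmentation described in the post above only helps if the firewall logs confirm that nothing on the IoT network reaches the trusted network. As an added example (not part of the thread or any poster's setup), this Python script flags such flows in firewall log lines; the two subnets, the key=value log format and the sample lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumed addressing plan (constructed for this example, not from the thread).
IOT_NET = ipaddress.ip_network("192.168.50.0/24")      # cameras, doorbell, TVs
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")  # PCs, phones
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # assumed key=value log format

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-01-01T08:01:02 action=ACCEPT src=192.168.50.21 dst=203.0.113.9 dport=443 proto=tcp
2024-01-01T08:01:05 action=DROP src=192.168.50.21 dst=192.168.10.15 dport=445 proto=tcp
2024-01-01T08:02:11 action=ACCEPT src=192.168.50.33 dst=192.168.10.15 dport=22 proto=tcp
2024-01-01T08:02:40 action=ACCEPT src=192.168.10.15 dst=192.168.50.21 dport=554 proto=tcp
2024-01-01T08:03:00 garbled line without fields
2024-01-01T08:03:09 action=ACCEPT src=not-an-ip dst=192.168.10.15 dport=80 proto=tcp
"""

def parse_line(line):
    """Return the key=value fields of one log line, or None if unusable."""
    fields = dict(FIELD_RE.findall(line))
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
    except (KeyError, ValueError):
        return None  # missing or malformed address: skip rather than crash
    return fields

def audit(log_text):
    """Split IoT -> trusted flows into allowed 'leaks' and blocked 'probes'."""
    leaks, probes = [], []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        # Only IoT-originated traffic into the trusted subnet is of interest;
        # trusted -> IoT (e.g. viewing a camera stream) is expected.
        if f["src"] in IOT_NET and f["dst"] in TRUSTED_NET:
            entry = (str(f["src"]), str(f["dst"]), f.get("dport", "?"))
            # Any action other than ACCEPT is treated as blocked.
            (leaks if f.get("action") == "ACCEPT" else probes).append(entry)
    return leaks, probes

if __name__ == "__main__":
    leaks, probes = audit(SAMPLE_LOG)
    for src, dst, port in leaks:
        print(f"ISOLATION FAILURE: {src} reached {dst}:{port}")
    for src, dst, port in probes:
        print(f"blocked attempt:   {src} -> {dst}:{port}")
```

An allowed flow in the first list means the isolation rule is missing or mis-ordered; repeated blocked attempts from one device are worth investigating as a possibly compromised device.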