Yes, there are class action lawsuits against Wyze Labs following a February 2024 data breach that exposed live camera feeds and thumbnail images to approximately 13,000 customer accounts. The breach occurred when customers unknowingly accessed other users’ camera feeds instead of their own—a critical security failure that highlighted the vulnerabilities in how Wyze handles customer data. Multiple lawsuits have been filed, and the company is also facing additional litigation over a separate SD card vulnerability that allowed hackers to access stored images and videos.
Wyze’s February 2024 incident represents a significant breach of privacy, but it was not the company’s first security failure. In 2019-2020, Wyze exposed 2.4 million customers’ personal information, including usernames, email addresses, and credentials that granted access to live camera feeds. The pattern of security failures has prompted consumers to pursue legal action to recover damages and hold the company accountable for inadequate security safeguards.
Table of Contents
- What Exactly Happened in the February 2024 Wyze Camera Security Breach?
- How Did This Security Vulnerability Happen and What Does It Reveal About Wyze’s Security Practices?
- What Class Action Lawsuits Were Filed Against Wyze Over the Security Breach?
- What Are My Options for Filing a Claim or Joining the Class Action?
- What Are the Ongoing Security Risks From Wyze Cameras?
- A History of Wyze Security Problems
- What Should Smart Home Security Users Do?
- Conclusion
What Exactly Happened in the February 2024 Wyze Camera Security Breach?
On February 16, 2024, during a system outage, Wyze discovered a critical software bug in a third-party caching client library that confused device IDs with user IDs. This confusion meant that when customers accessed their Wyze cameras, they were sometimes viewing live feeds and thumbnail images from other customers’ accounts instead of their own. A customer in Kansas City, for example, might have opened their Wyze app expecting to see their own front doorbell camera but instead found themselves watching someone else’s bedroom or living room.
The scope of the breach was limited to approximately 13,000 accounts, but the nature of the exposure was particularly invasive. Unlike data breaches where hackers steal information from company servers, this breach allowed affected users to directly view private camera feeds—some showing family members, children, pets, and other intimate moments that were never meant to be shared. Wyze detected the breach during a broader system outage and immediately addressed the bug, but the damage had already been done.
How Did This Security Vulnerability Happen and What Does It Reveal About Wyze’s Security Practices?
The root cause of the breach traces back to Wyze’s reliance on a third-party caching library that did not properly validate the relationship between device IDs and user accounts. Rather than implementing robust identity verification systems before serving camera feeds, the caching layer mixed up which devices belonged to which users. This type of failure suggests that Wyze’s security architecture did not include adequate layering and validation checkpoints—basic security practices that larger tech companies implement as standard.
The limitation of Wyze’s security model is that it depended on the correct functioning of third-party code without sufficient independent verification. A warning for customers: even when a device manufacturer uses reputable third-party libraries, those libraries may not have been thoroughly tested for the specific way a company integrates them. Wyze’s incident demonstrates that outsourcing components of your security infrastructure requires the same level of scrutiny as building them in-house. For consumers, this raises a critical question: how thoroughly is Wyze testing security-critical code before pushing updates to customers’ devices?.
What Class Action Lawsuits Were Filed Against Wyze Over the Security Breach?
Multiple class action lawsuits were filed against Wyze Labs following the February 2024 breach. These lawsuits allege that Wyze failed to implement adequate security safeguards to protect customer data and failed to promptly disclose the breach to affected customers. The legal argument centers on Wyze’s responsibility as a provider of security devices—cameras designed specifically to protect people’s homes—to maintain the highest possible security standards.
Beyond the February 2024 incident, a separate class action lawsuit was filed alleging that Wyze Labs knowingly concealed a security vulnerability that allowed hackers to access images and videos stored on local SD card memory. This separate vulnerability suggests a pattern of security failures that Wyze either failed to identify or chose not to disclose. The distinction is important: the February breach was a bug that exposed live feeds, while the SD card vulnerability was a structural weakness in how Wyze’s devices store and protect locally recorded footage. Together, these lawsuits paint a picture of a company where security practices are reactive rather than proactive.
What Are My Options for Filing a Claim or Joining the Class Action?
Customers who owned Wyze cameras and had accounts exposed during the February 2024 breach may be eligible to join the class action lawsuit. The process typically involves identifying which lawsuit covers your situation, determining your eligibility based on account ownership and potential exposure, and registering your claim through the settlement administrator once a settlement is reached. You do not need to hire an attorney to participate in a class action—the class action structure was designed to allow individuals to seek compensation without bearing legal costs individually. The comparison between different settlement outcomes matters significantly.
Some settlements offer cash payments to affected customers, while others provide credit toward Wyze products or services, account credits, or mandatory security improvements. Cash settlements are typically preferred by consumers because they provide flexibility and acknowledgment of harm, whereas product credits essentially ask you to continue investing in the company that harmed you. When evaluating your options, prioritize settlements that offer monetary compensation rather than credits toward future Wyze purchases. You can also choose not to participate in a class action settlement and pursue your own lawsuit, though this is generally more expensive and time-consuming for individual consumers.
What Are the Ongoing Security Risks From Wyze Cameras?
Customers who continue to use Wyze cameras face unresolved questions about the company’s security practices. The February 2024 breach and the separate SD card vulnerability indicate that Wyze’s security model may have fundamental structural weaknesses. A warning: if Wyze’s caching layer confused user IDs once, it could potentially happen again with a different bug, especially if the company has not overhauled its entire security architecture in response.
The SD card vulnerability is particularly concerning because it reveals that Wyze does not adequately protect locally stored footage. When customers record video to a microSD card inside their Wyze camera, they expect that footage to remain private even if the device is physically removed or stolen. If hackers can access SD card contents remotely, then the entire concept of local storage as a security measure is compromised. This limitation—that Wyze cannot guarantee the security of locally stored content—is something every current and potential customer should understand before purchasing these devices.
A History of Wyze Security Problems
The February 2024 breach was not Wyze’s first major security failure. In 2019-2020, Wyze exposed 2.4 million customers’ usernames, email addresses, and credentials that allowed direct access to live camera feeds. That earlier breach was discovered by a cybersecurity researcher who found an unsecured Amazon cloud database containing the sensitive information.
The credentials leaked in 2019-2020 meant that hackers could log into customer accounts and watch their cameras without needing to hack Wyze’s systems—they could simply use the stolen usernames and passwords. This history shows a pattern: Wyze has repeatedly failed to implement adequate security measures to protect its customers. The 2019-2020 incident should have prompted a complete security overhaul, yet the company experienced another major breach just four years later. For potential customers, this pattern is a significant red flag about the company’s commitment to security.
What Should Smart Home Security Users Do?
For customers currently using Wyze cameras, consider whether you need the functionality they provide versus the security risks you are accepting. If you decide to continue using Wyze devices, enable two-factor authentication on your account, use a unique strong password, and regularly monitor your account for unauthorized access. These steps do not eliminate the risk of breaches at Wyze’s infrastructure level, but they reduce the risk of criminals using your exposed credentials.
For customers evaluating smart home security systems, prioritize companies with a documented history of transparent security practices, timely vulnerability disclosure, and investment in security infrastructure. Major alternatives include established companies that publish security audit reports and offer stronger encryption of stored footage. While no company is immune to breaches, choosing providers with a strong security track record and transparency significantly reduces your risk.
Conclusion
The Wyze camera data breaches and resulting class action lawsuits illustrate the consequences of inadequate security in consumer IoT devices. With approximately 13,000 customers directly exposed to privacy violations in February 2024, plus 2.4 million customers affected by the earlier credential leak, Wyze’s security failures have impacted millions of people. The class action litigation is a mechanism for holding the company accountable and recovering damages for affected customers.
If you owned a Wyze camera account that may have been affected by either the February 2024 breach or the SD card vulnerability, you should investigate your eligibility to join the relevant class action lawsuits. Monitor major class action websites and your email for notifications about settlement claims, as deadlines for joining or filing claims are strictly enforced. The outcome of these lawsuits may include financial compensation, account credits, or commitments from Wyze to improve its security practices—all of which are important steps toward holding companies accountable for protecting customer privacy.