A huge Eufy privacy breach has resulted in both live and recorded camera feeds being shown to complete strangers. They also have complete access to the account, including control of pan-and-tilt cameras where fitted.
The issue was first noted on Reddit, and an Eufy cam owner at 9to5Mac has been able to confirm that he saw the same thing …
Reddit user MeChum87 reported it.
Anyone else have this? I checked my app today (from New Zealand) and noticed none of the videos were of my own. They are from someone in another country (nice Mustang) – “Kangaroo Cam” alludes to being in Australia somewhere. I can also see their contact details (as added accounts) […]
I have 3 little children, I am very worried that others are looking at my cameras too. Huge Security Breach Eufy – WTF. EufyCam – I’m throwing mine in the bin, I suggest you do the same.
Others said they’d seen the same thing.
“Noticed that my home base was playing up with red light then nothing so I jumped into the app and had access to someone else’s doorbell.”
“I’m having the same issue. I could access everything on somebody else’s account, including the live feed and I was controlling their camera (pan, tilt, rotate). I was able to take video recordings, using the in-app record button, which saved to my phone […] The camera I had access to was in the Los Angeles time zone.”
“I have the Eufy camera pro 365 battery life Home bas 2. Im from Aus and i can see someone’s cameras from America.”
“I’m seeing someones camera from Florida at the moment and I’m from Australia. They have cameras inside their house and that is just creepy.”
“Yep, me too. I’m seeing someone elses camera’s. Live feed, history, events, the lot. Full access to the Homebase, settings, home network info.”
A 9to5Mac writer confirmed the issue.
Could see all details, recordings, live (edited). It was like I was logged in as the person.
Logging out and then in again restored access to his own cameras.
Many of the Reddit reports are from Australia and New Zealand, but that may simply be a time-zone issue. Certainly it is occurring in the US too, and some of the feeds accessed were in the US.
We’ve reached out to Eufy for comment and will update with any response. If you’re using HomeKit Secure Video, then your feeds and recordings should be safe, but a mess-up of this scale certainly raises questions about whether that protocol is being used. For now, the smart thing would be to disable all Eufy cameras.
FTC: We use income earning auto affiliate links. More.