Eufy users can view camera images of other users due to bug

Smart home service Eufy suffers from a serious bug that makes it possible to see live images and recordings of other users. Some users seem to have full control over others’ accounts.

The issue was first spotted by several users on Reddit. They noticed that they could suddenly see images of other users in their app. They seem to have access to the full user accounts of other users. That means they can watch live with Eufy users’ cameras, as well as view stored images. Cameras can also be operated from a distance, for example by changing their position. It is also possible to change app settings. This shows the e-mail address of the logged in user.

Initially, the problems seemed to mainly affect Australian and New Zealand users, but now several international users are also reporting the problem. For some users, signing out and back in seems to work, but others note that they still see the wrong video feeds. The issues seem to only affect camera users, not users of other Eufy smart home products.

Update: Eufy writes on its website that it is a bug that arose during a server upgrade, but the company does not provide further details. The bug is said to have been fixed an hour and a half after it came into existence, but that doesn’t match what some users say: they say they had been affected by the leak for at least three hours.