Enlarge / Wyze Personal surveillance camera connected to the web, August 2019.

Many people found new Wyze surveillance cameras under their trees or in their stockings this Christmas. And on Boxing Day, the company itself developed a completely new world of problems for everyone who uses its products, confirming a data leak that may have exposed personal data to millions of users over the course of a few weeks.

Wyze learned about the problem for the first time on the morning of December 26, company co-founder Dongsheng Song said in a corporate blog post. The company's investigation confirmed that user data "were not adequately insured" and were exposed as of December 4.

The database in question was basically a copy of the production database that Wyze created to work, Song explained. The data points that are exposed include users' email addresses, camera nicknames, Wi-Fi network information, Wyze device information, some tokens associated with Alexa integrations and "body metrics for a small number of product beta testers. "

The company blames an employee for the exposure. "A Wyze employee made a mistake on December 4 when they used this database and the previous security protocols for this data were removed," Song wrote. "We are still investigating this event to find out why and how this happened."

A couple of trials from a mysterious (and possibly false) company called 12Security first brought the leak to light. The firm alleges that data from 2.4 million Wyze users were included in the leak, claiming that the data was sent to the Alibaba cloud and that the violation is linked to China.

However, Seattle-based Wyze has extremely strong ties with Amazon and strongly denies the accusation that it uses the Alibaba cloud. "Wyze has official Wyze employees and manufacturing partners in China, but Wyze does not share user data with any government agency in China or any other country," the company said.