Users of Anker’s EufyCam security cameras are lighting up Reddit and Anker’s message boards with reports that instead of seeing their own video feeds on the Eufy app, they’re finding videos from complete strangers.
One Redditor in New Zealand said he opened the Eufy app and saw videos from “someone in another country,” complete with their account details, while another EufyCam user in Australia reported finding videos of a family in Honolulu, Hawaii.
Signing out of your Eufy account and then signing back in again seems to resolve the problem, and indeed, many EufyCam users say they’re being prompted to log in again.
Neither Eufy nor its parent, Anker, have released any details about the apparent privacy breach. We’ve reached out to them for comment.
It’s worth noting that the EufyCam security hole doesn’t seem to have affected Eufy users who use their cameras with Apple’s HomeKit Secure Video platform, which analyzes captured videos locally on “home hub” devices such as Apple TVs, iPads, and HomePod speakers. HomeKit Secure Video also lets you store encrypted security videos in iCloud, where they’re only accessible by their owners.
The apparent Eufy security breach highlights the threat posed by security cameras that offer cloud-based video storage: namely, that your videos could be accessible to third parties or vulnerable to privacy glitches.
Apple pitched HomeKit Secure Video as a privacy-minded alternative to cloud-based storage on third-party servers. Many EufyCam devices also offer local, on-device storage in addition to cloud storage.
In any event, we recommend that all EufyCam users immediately sign out of their accounts and sign in again—or, if possible, turn your cameras off completely until we get more details about what happened.