Privacy breach: Home security camera footage sent to wrong person

After receiving a few security camera motion detection alerts, a woman realized the video footage she was seeing on her phone was not recorded from inside her house. Instead, she was seeing footage from a different “smart” Swann camera; she was seeing into the home of a different family — seeing a man and a woman and hearing the voice of child.

The woman, BBC journalist Louisa Lewis, contacted Swann after video clips tied to motion detection in someone else’s kitchen showed up in the app on her phone. It was the weekend, however, and Swann said nothing could be done until Monday even though Lewis asked Swann, “Do you understand this is really serious breach of privacy?”

When Monday rolled around, Swann put a stop to Lewis receiving the clips. Even though Swann said it could not identify or contact the family whose video footage was being shown to the BBC journalist, the company claimed, “We can confirm that no further data was breached or accessed by additional third parties.”

User error? Swann blamed customer

From Swann’s perspective, the user of their product is to blame. A spokesperson for Swann claimed “that ‘human error’ had caused two cameras to be manufactured that shared the same ‘bank-grade security key — which secures all communications with its owner.’”

Swann’s spokesperson further explained it to the BBC like this:

“This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: ‘Camera is already paired to an account’ and left the camera running,” she added.

“We are regretful that this was not addressed immediately and adequately by our support team, when discovered. We have addressed this and made some internal changes.”

Remember, Swann claimed no other customers had their privacy breached in this way by Swann showing footage to some random stranger.

Same security and privacy snafu occurred at least once this year

Except it was not a “one-off” incident, considering a similar incident happened in May when a “smart” Swann security system sent a U.K. couple camera footage taken in a pub.

Can @swannsecurity please tell me why both our smart devices can reliably access the CCTV cameras from a pub. Moreover, who’s viewing our cameras? Anyone recognise the pub? pic.twitter.com/LSfUIfF1FE

— The Obscure Brewer (@Battwave) May 30, 2018

Eventually this couple determined the pub was not located too far away. After speaking with the owner, the couple took a selfie using the pub’s security camera.

Great to meet the manager @newtownlinford and share our concerns that @swannsecurity remote access CCTV system is giving us images from his cameras in place of our own. Bizarre to be able to take a selfie using someone else’s CCTV camera pic.twitter.com/fTgmAVoPle

— The Obscure Brewer (@Battwave) June 3, 2018

While these are publicly known Swann camera blunders, there may have been other similar issues. Perhaps, like the BBC journalist, the person receiving the motion alerts tied to the wrong footage decided to blow it off as errors at first? It remains to be seen if any other customers will speak up about similar incidents.

Professor Alan Woodward from the University of Surrey told the BBC that he was “dubious that two users unrelated other than by geographic area would choose the same username and password combination enabling one to see the live video feed of the other. When both incidents are combined it does make you wonder if there are others who have had similar issues, and whether there is more at work here than has been so far explained.”