This top security camera brand might be uploading photos to the cloud without you knowing

A security researcher has claimed Eufy security cameras are uploading photos containing personally identifiable data to its servers, breaching not only its own key selling proposition but also the EU’s General Data Protection Regulation (GDPR). 

According to a report by Android Central (opens in new tab), security researcher Paul Moore discovered that the Eufy Doorbell Dual camera uploads facial recognition data to the company’s AWS cloud, without encryption. 

The company, on the other hand, says it’s fully compliant with the data protection regulation and that the data collected is only used for notifications.

Compliant with GDPR?

In a series of tweets (opens in new tab), Moore claimed the data was being stored together with usernames and other information that could be used to identify people whose images were taken. What’s more, Eury keeps the data even when the user deletes it from the Eufy app, he claims. 

Moore has also said video feed can be accessed via a web browser, simply by knowing the right URL, with no passwords required. Camera videos encrypted with AES 128 are using a simple key which can be broken relatively easily, he said. 

Since b