Eight Sleep: Difference between revisions

Eight Sleep
Basic information
Founded	2014
Type	Private
Industry	Mattresses
Official website	https://eightsleep.com/

VisualWikitext

Latest revision as of 04:54, 12 March 2025

❗Article Status Notice: This Article is a stub

Notice: This Article Requires Additional Expansion

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Issues may include:

This article needs to be expanded to provide meaningful information
This article requires additional verifiable evidence to demonstrate systemic impact
More documentation is needed to establish how this reflects broader consumer protection concerns
The connection between individual incidents and company-wide practices needs to be better established
The article is simply too short, and lacks sufficient content

How You Can Help:

Add documented examples with verifiable sources
Provide evidence of similar incidents affecting other consumers
Include relevant company policies or communications that demonstrate systemic practices
Link to credible reporting that covers these issues
Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, visit the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Eight sleep is an American company that develops mattresses with temperature control.

Consumer impact summary[edit | edit source]

Switch to subscription model: features previously advertised as free are now locked behind a subscription.
Security concerns: connecting the mattress to the internet poses the entire network at risk.

Incidents[edit | edit source]

Switch to subscription model[edit | edit source]

In February 2023, Eight Sleep started to require a paid subscription^[1] (with an annual cost ranging from $180 to $288) to access most of the mattress functionality, including sleep tracking, automatic temperature adjustments and scheduled temperature. Without subscribing the only way to adjust the temperature is manually.^[2]

Security flaws[edit | edit source]

Cyber security researcher Dylan Ayrey of Truffle Security uncovered critical security vulnerabilities in Eight Sleep smart beds. Ayrey began his research after discovering an open AWS key in the bed's firmware and went ahead to test its vulnerabilities.^[3]

Key findings:[edit | edit source]

AWS Key Exposure: AWS key is an entry into the cloud that should not be seen. Unchecked, it can leave the door open for unauthorized individuals to have access to secret data, use cloud services illegitimately, or even put charges on the account of its owner. Here, the compromised key could then end up breaching account security, but arguably more of Eight Sleep's infrastructure than individuals.
SSH Backdoor: Ayrey found a backdoor that allows SSH access or executes arbitrary code. This indicates that Eight Sleep engineers can access the bed remotely, monitor its usage, and even access other devices on the same home network.

Impact:[edit | edit source]

Besides rendering the smart bed ineffective, the vulnerability also threatens the security of the entire home network.

References[edit | edit source]

[1] ttps://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/

[2] ttps://www.reddit.com/r/EightSleep/comments/1e2euan/8sleep_subscription_scam/

[3] ttps://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network

[1]

[2]

[3]

@@ Line 1: / Line 1: @@
+{{StubNotice}}
 {{InfoboxCompany
 | Name = {{PAGENAME}}
-| Type =
+| Type =Private
-| Founded =
+| Founded =2014
-| Industry =
+| Industry =Mattresses
-| Official Website =
+| Official Website =https://eightsleep.com/
-| Logo =
+| Logo =Eight Sleep logo.png
-}}
+}}'''[[wikipedia:Eight_Sleep|Eight sleep]]''' is an American company that develops mattresses with temperature control.
+==Consumer impact summary==
+*'''Switch to subscription model:''' features previously advertised as free are now locked behind a subscription.
+*'''Security concerns:''' connecting the mattress to the internet poses the entire network at risk.
+==Incidents==
-Eight sleep spies on customers, being able to detect when they're sleeping, how many people are in the bed, and control remote features, while also allowing engineers to SSH into customers' beds, giving them full access to the users' network. All while charging a subscription for this(that didn't exist back in the day)
+===Switch to subscription model===
-==Consumer impact summary==
+In February 2023, Eight Sleep started to require a paid subscription<ref>https://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/</ref> (with an annual cost ranging from $180 to $288) to access most of the mattress functionality, including sleep tracking, automatic temperature adjustments and scheduled temperature. Without subscribing the only way to adjust the temperature is manually.<ref>https://www.reddit.com/r/EightSleep/comments/1e2euan/8sleep_subscription_scam/</ref>
-{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
-* User Freedom
-* User Privacy
-* Business Model
-* Market Control}}
-$2
-==Incidents==
-{{Placeholder box|If the company page is short enough and/or the incident is not deserving of its own page, add incidents below in sub-sections (including the points outlined in [[Consumer_Action_Taskforce:Sample/Incident/Help|the incident help page]]) without linking/creating an incident page.
-If the company has various incidents listed and/or this page is getting too long, create subsections linking to each incident while linking to the main article and including a short summary. To link to the page use the "Hatnote" or "Main" templates.
+===Security flaws===
+Cyber security researcher Dylan Ayrey of Truffle Security uncovered critical security vulnerabilities in Eight Sleep smart beds. Ayrey began his research after discovering an open AWS key in the bed's firmware and went ahead to test its vulnerabilities.<ref>https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network</ref>
-If the company has numerous incidents then format them in a table (see [[Amazon]]). }}
+====Key findings:====
-This is a list of all consumer protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
+*'''AWS Key Exposure''': AWS key is an entry into the cloud that should not be seen. Unchecked, it can leave the door open for unauthorized individuals to have access to secret data, use cloud services illegitimately, or even put charges on the account of its owner. Here, the compromised key could then end up breaching account security, but arguably more of Eight Sleep's infrastructure than individuals.
-===Example incident one (''date'')===
+*'''SSH Backdoor''': Ayrey found a backdoor that allows SSH access or executes arbitrary code. This indicates that Eight Sleep engineers can access the bed remotely, monitor its usage, and even access other devices on the same home network.
-{{Main|link to the main article}}
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
-==Products==
+====Impact:====
-{{Placeholder box|This is a list of the company's product lines '''with articles on this wiki'''.
+Besides rendering the smart bed ineffective, the vulnerability also threatens the security of the entire home network.
-* [[Example product line one]] (release date): Short summary of the product's incidents.
-* [[Example product line two]] (release date):}}
 ==See also==
-{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}
+*[[Retroactively amended purchase]]
 ==References==