Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.
Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites.
Users have expressed concern after finding they could view children's bedrooms, among other locations.
US-based Trendnet says it is in the process of releasing updates to correct a coding error introduced in 2010.
It said it had emailed customers who had registered affected devices to alert them to the problem.
However, a spokesman told the BBC that "roughly 5%" of purchasers had registered their cameras and it had not yet issued a formal media release - despite being aware of the problem for more than three weeks.