diff --git a/server/src/pages/shotindex/server.js b/server/src/pages/shotindex/server.js
index 858aa5139b..b713ea33cb 100644
--- a/server/src/pages/shotindex/server.js
+++ b/server/src/pages/shotindex/server.js
@@ -16,7 +16,7 @@ app.get("/", csrf({cookie: true}), function(req, res) {
   let query = req.query.q || null;
   let getShots = Promise.resolve(null);
   if (req.deviceId && req.query.withdata) {
-    getShots = Shot.getShotsForDevice(req.backend, req.deviceId, query);
+    getShots = Shot.getShotsForDevice(req.backend, req.deviceId, req.accountId, query);
   }
   getShots.then(_render)
     .catch((err) => {
diff --git a/server/src/servershot.js b/server/src/servershot.js
index e841c16d59..709d37f8f3 100644
--- a/server/src/servershot.js
+++ b/server/src/servershot.js
@@ -459,18 +459,17 @@ Shot.checkOwnership = function(shotId, deviceId, accountId) {
   })
 };
 
-Shot.getShotsForDevice = function(backend, deviceId, searchQuery) {
+Shot.getShotsForDevice = function(backend, deviceId, accountId, searchQuery) {
   if (!deviceId) {
     throw new Error("Empty deviceId: " + deviceId);
   }
+  // accountId is null if not set, treated as NULL in the SQL query
   return db.select(
     `SELECT DISTINCT devices.id
-     FROM devices, devices AS devices2
-     WHERE devices.id = $1
-           OR (devices.accountid = devices2.accountid
-               AND devices2.id = $1)
+     FROM devices
+     WHERE devices.id = $1 OR devices.accountid = $2
     `,
-    [deviceId]
+    [deviceId, accountId]
   ).then((rows) => {
     searchQuery = searchQuery || null;
     let ids = [];