What evidence do you have about vetting? They don’t disclose that information anywhere I have seen. I find it odd and concerning that support has access to our SmartThings accounts without approval. Clearly @R2D2 didn’t give authorization so support should not have been in the account, let alone disclosed details about it to the community.
As for how to offer support without access, many companies accomplish this in several ways. Some examples: with a pin number or passphrase, a send logs function, authorization or revoke support access buttons from within the product\website, etc.
We should also be notified when this happens. An email that our data is being access could tip us off to either support accessing the wrong account (maliciously or otherwise) or a phishing attempt where someone contacts support impersonating us to gain information.
With the number of breaches increasing, SmartThings would be an attractive target. Support having unchecked access to everyone’s accounts is a disaster waiting to happen. It’s only a matter of time before a support team member falls victim to some sort of attack that may or may not result in a further compromise of customers home information.
@andrewcbrooks Can we get some more information about what SmartThings does to protect our accounts from a support personnel perspective?