Nest Camera Breach

This is what I came across.
It is scary.

Nest was not hacked. Based on Nest’s response, the user used poor password management. I’m guessing he got phished and then the bad guy had the same access to his system that he has.

2 Likes

It’s definitely scary, but so far all the cases like this which have been reported (I’ve seen at least seven or eight) weren’t the camera itself being hacked: the person’s nest account had been hacked, usually Because they were using the same ID and password that they had used elsewhere.:scream:

So the usual good practices apply:

One) use a different password for every online account. It’s easiest to do this if you use one of the password managers like DashLane or 1password

Two) check one of the sites that report largescale password breaches to see if your ID is out for other people to see. If it is, change all your passwords immediately.

  1. keep your app and camera software up-to-date
2 Likes

Here is a good place to check:

https://haveibeenpwned.com

1 Like

there are actually people that aren’t on any of these lists?

1 Like

Received this email from Nest today…

Nest

Hello,

In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.

We take protecting our users’ security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can’t stop password breaches across the internet, we’re committed to limiting the impact of compromised credentials on Nest Accounts.

While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here’s what you can do:

Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You’ll receive a special code every time you sign in to your account. It’s easy to do – find the steps here.
Choose strong passwords: Create a strong password and only use it for your Nest Account.
Set up Family Accounts: Don’t let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts.
Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password.
Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it.

It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.

If you have questions or need additional help, please reach out to Nest Support.

— rishi
VP/GM of Nest

You received this mandatory email service announcement to update you about important changes to your Nest product or account.

© 2019 Nest Labs, Inc.
3400 Hillview Ave. Palo Alto, CA 94304

2 Likes