Nest wasn’t hacked – but change your passwords

Home security camera firm rebuffs rumors of security breach

Nest has reassured customers that its Google-owned home security camera hasn’t been hacked – they just need to choose better passwords.

Over the past few weeks, users have been reporting that their Nest devices have been compromised, allowing uninvited parties to watch them and even use the built-in microphone.

One family claimed their camera had been taken over by ‘hackers’ after an unknown voice shouted racial slurs and curse words through the speaker.

These reports led to accusations that Nest had been hacked, with rumors circulating that the company was subject to a security breach.

In reality, there was no breach – customers were just using their default usernames and passwords which are easily-accessible online.

An email sent to Nest users and seen by The Daily Swig read: “In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.

“For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials.”

Google also advised customers to enable two-factor authentication, to use strong passwords, and to look out for phishing scams by fraudsters trying to gain access to Nest accounts.

The email added: “It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.”

Failure to change default usernames and passwords can leave your devices wide open to nefarious actors.

General security advice would be to change your login credentials on all newly-bought devices such as routers and IoT devices.

A number of governments and the security community are looking to improve standards for smart devices – California recently passed a bill which required all new IoT products to be shipped with unique credentials by 2020.

But ensuring that all smart products are manufactured to be secure by design worldwide is still, at the moment, somewhat of a fantasy.