Over the past several weeks, a handful of local stories have emerged about Nest owners being “hacked” and harassed through their smart home. Despite the headlines, these incidents have been due to bad password management, and not Nest being compromised. Google today sent out an email to customers reiterating that this is the case, and advising users to enable two-factor authentication.

Today’s email is from Rishi Chandra, who has led Google Home and was put in charge of Nest last year as part of a combined smart home division within Made by Google. He and the company are “reaching out to assure you that Nest security has not been breached or compromised.” The last time Rishi emailed customers was over a Google Home outage in June.

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.

According to Nest, password reuse from various breaches of third-party sites is at fault for these recent incidents. The division detailed today how it “looks across the internet to identify breaches” from other services and will alert users, as well as temporarily disable access.

Google also does this to protect Google Accounts, and yesterday released a Chrome extension for use on third-party sites. Nest also prevents the use of passwords that are on known compromised lists.

Nest provides a list of “easy” steps that users can take to secure their Nest Account. At the top of the list is 2-step verification, and choosing unique, strong passwords. It also advises using Family Accounts to give other users access to your home, instead of giving other people your email and password.

Other standard tips include not falling for phishing emails, and protecting your home network with up-to-date routers and guest networks.

Hello,

In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.

We take protecting our users’ security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can’t stop password breaches across the internet, we’re committed to limiting the impact of compromised credentials on Nest Accounts.

While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here’s what you can do:

• Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You’ll receive a special code every time you sign in to your account. It’s easy to do – find the steps here.

• Choose strong passwords: Create a strong password and only use it for your Nest Account.

• Set up Family Accounts: Don’t let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts.

• Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password.

• Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it.

It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.

If you have questions or need additional help, please reach out to Nest Support.

— rishi VP/GM of Nest

About the Author