X

Nest says it wasn't breached, following reports of infiltrated Nest Cams

It says the security cameras got hacked because users chose already compromised passwords and user names.

Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
See full bio
Richard Nieva
4 min read
google-hq-sede-mountain-view.jpg

Nest reassured customers Wednesday that its systems weren't hacked.

 Chris Monroe/CNET

Last month, a San Francisco Bay Area woman got a thorough scare when a hacker infiltrated her family's Nest Cam to announce the US was under nuclear attack from North Korea.

It was a hoax. And it was terrifying. But Nest's systems weren't breached in the process. The hacker gained access to the camera by getting the account's password from a third party. In other words, the woman likely used the same login information for Nest as she did another website that's been breached. 

On Wednesday, Nest reiterated that the company wasn't hacked.

"In recent weeks, we've heard from people experiencing issues with their Nest devices," Rishi Chandra, vice president of Nest, wrote in an email to customers. "We're reaching out to assure you that Nest security has not been breached or compromised."

Chandra also says in the email that Nest, which is owned by Google, looks for breaches across the internet. If Nest accounts are possibly vulnerable because of those breaches, the company alerts customers and temporarily disables access.

Google declined to further comment.

The email also reminds customers of best practices when it comes to device and password security. That includes two-factor authentication, which requires users to provide two types of verification to sign in, like from both your desktop computer and phone. The note also says to make sure your software isn't outdated to make sure you get the latest security updates.

The catalyst for the security primer was a handful of recent reports about hackers gaining access to Nest Cams. Aside from the North Korea hoax, a hacker in December took over the camera of a man in Arizona to warn him of security vulnerabilities. In another case that month, a hacker told a couple through the device he'd kidnap their child.

Those incidents are notable because Google, Amazon and Samsung have made big investments in smart home technology. But scares like those could sour people from bringing internet-connected appliances into their homes.

Here's the full note from Chandra:

Hello,
In recent weeks, we've heard from people experiencing issues with their Nest devices. We're reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest's security features.
For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it's possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we've seen recently.
We take protecting our users' security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can't stop password breaches across the internet, we're committed to limiting the impact of compromised credentials on Nest Accounts.

While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here's what you can do:

•Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You'll receive a special code every time you sign in to your account. It's easy to do – find the steps here.

•Choose strong passwords: Create a strong password and only use it for your Nest Account.

•Set up Family Accounts: Don't let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts.

•Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password.

•Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it.

It's a great responsibility to be welcomed into your home, and we're committed to keeping you and your Nest devices safe.
If you have questions or need additional help, please reach out to Nest Support.

— rishi
VP/GM of Nest

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Special Reports: CNET's in-depth features in one place.