Nest security camera owners have been plagued by breaches in recent weeks, but the security company owned by Google has insisted the hacks have nothing to do with its own security protocols and rather stem from insecure passwords used by camera owners. To address the problem, the company is taking the extra step of locking people out of their accounts until they change their password.
Nest’s approach to the situation is fairly standard after a widespread breach, and the company maintains that nothing on its end has been compromised. Instead, the spate of recent attacks have primarily been the cause of people reusing passwords or using the default password that comes with their device. This allows hackers to easily target the cameras and hijack them with minimal effort.
While it might seem safer to use a familiar password that you’ll remember, past breaches from other sites may have exposed your password. That information is often available on the dark web and can be used to crack other accounts that use the same credentials. While it might feel difficult to set up unique passwords for every account you have, it’s the safest way to make sure all of your accounts and devices are secure. Password managers are a useful tool to help in these instances, as they only require you to remember a single master password while creating strong, unique passwords for each of your accounts.
If you’re one of the people who has been locked out of your account, you will be unable to access the Nest app until you change your password. That means you won’t get notifications from your camera, including ones that warn you of an intruder. You also won’t get any mobile warnings about smoke detection. Alarms on the device itself will still work, so you’ll still be able to hear it in your home, but receiving mobile notifications will require a password change.
Failing to change your password won’t just leave you locked out of your security device, it’ll also leave you vulnerable to hacks. Past attacks have resulted in hackers speaking to victims through their device, including one instance in which hackers staged a fake emergency broadcast warning of a North Korean missile attack.