- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Someone logged into my Nest account and ordered a camera...
Posted on 5/7/18 at 10:01 am
Posted on 5/7/18 at 10:01 am
So one of two things happened, the best I can tell.
1) Nest got hacked
2) My email/password combo got hacked in a previous hack, maybe Linkedin and someone figure out my password system(not rocket science)
I'm guessing #2 is more likely and I now need to go change ALL my passwords with a better system and even more likely just move to a password management system.
Thoughts?
I'm waiting for Nest to get back to me to see how they logged in, from where, if there were incorrect password attempts, etc.
1) Nest got hacked
2) My email/password combo got hacked in a previous hack, maybe Linkedin and someone figure out my password system(not rocket science)
I'm guessing #2 is more likely and I now need to go change ALL my passwords with a better system and even more likely just move to a password management system.
Thoughts?
I'm waiting for Nest to get back to me to see how they logged in, from where, if there were incorrect password attempts, etc.
8
Posted on 5/7/18 at 10:10 am to barry
A) Contact your CC or Bank to get your money back or at least not have to pay it.
B) Contact Nest and see if they can stop the shipment or at least let them know you didn't order it.
Nest's customer support is pretty good in my experience.
B) Contact Nest and see if they can stop the shipment or at least let them know you didn't order it.
Nest's customer support is pretty good in my experience.
Posted on 5/7/18 at 10:13 am to DoubleDown
quote:
B) Contact Nest and see if they can stop the shipment or at least let them know you didn't order it.
they already did and now I'm waiting for their security team to contact me.
Customer service has been fantastic so far.
Also turned on 2-step authentication, which i guess i should have had to begin with
Posted on 5/7/18 at 10:13 am to barry
Well, I am assuming your Nest is sitting on your Wireless Network that is encrypted.
We have to figure out points of entry.
1) The Nest itself via some form of crack or mock network.
2) Your actual account
3) Your Wireless Gateway via some form of WPA crack or mock network.
4) Phishing mail or maybe even server-side frick up from an app retailer/business (LinkedIn)
/---------------------------------------/
Last year there was a crack for WPA2 that indeed affected a ton of wireless devices. However, I think if I remember correctly you are pretty thorough in upkeep on your devices.
An app could have had a security breach and if you use the same user/pass for all accounts (big no no) someone just could have gotten lucky and saw the Nest as the most desirable point of entry.
A pretty good idea to update all firmware, anti-virus, and change user/pass for all accounts including banking/cc because those are the ones that can do the most dmg.
The other big concern is if they accessed your Nest, they probably logged your IP traffic which can also house these usernames and passwords.
Scary stuff.
We have to figure out points of entry.
1) The Nest itself via some form of crack or mock network.
2) Your actual account
3) Your Wireless Gateway via some form of WPA crack or mock network.
4) Phishing mail or maybe even server-side frick up from an app retailer/business (LinkedIn)
/---------------------------------------/
Last year there was a crack for WPA2 that indeed affected a ton of wireless devices. However, I think if I remember correctly you are pretty thorough in upkeep on your devices.
An app could have had a security breach and if you use the same user/pass for all accounts (big no no) someone just could have gotten lucky and saw the Nest as the most desirable point of entry.
A pretty good idea to update all firmware, anti-virus, and change user/pass for all accounts including banking/cc because those are the ones that can do the most dmg.
The other big concern is if they accessed your Nest, they probably logged your IP traffic which can also house these usernames and passwords.
Scary stuff.
Posted on 5/7/18 at 11:00 am to 50_Tiger
Yea, I'd definitely change and update all your passwords to virtually everything important.
Posted on 5/9/18 at 8:49 pm to barry
Out of curiosity, did you get an email that someone was using your account or did you get a new camera and someone contacted you? I ask because I bought a nest outdoor camera from eBay and shortly after I configured it, I got a LinkedIn message from a random person with 15 connections, no picture, and a very generic email that I activated a camera under his account and used his credit card.
I am pretty confident there is a scam going on that somehow connects nest accounts and LinkedIn. I have no evidence to prove this but a very similar thing happened to me so I am growing more confident information is being sold but I haven’t seen any charges on my account or adverse affects from this LinkedIn bot/hacker.
I am pretty confident there is a scam going on that somehow connects nest accounts and LinkedIn. I have no evidence to prove this but a very similar thing happened to me so I am growing more confident information is being sold but I haven’t seen any charges on my account or adverse affects from this LinkedIn bot/hacker.
This post was edited on 5/9/18 at 8:52 pm
Posted on 5/10/18 at 1:28 pm to barry
Not sure about your situation but something is up for sure. I received an email yesterday from Nest saying I needed to change my email and password.
Their exact message is below
Their exact message is below
quote:
Nest monitors publicly leaked password databases and checks our own databases for matches. We’ve found that your email and password were included in a list of accounts shared online. Common causes of password theft are falling victim to phishing emails or websites, malware, and password reuse on other websites which may have been compromised.
Posted on 5/10/18 at 3:22 pm to barry
Maybe you just got shithoused and ordered a camera...
Posted on 5/10/18 at 4:28 pm to barry
quote:
Thoughts?
I'd advise having as few connected smart devices as possible if you care about security at all
Posted on 5/10/18 at 6:54 pm to Giantkiller
quote:
Maybe you just got shithoused and ordered a camera...
And shipped it to a city 300 miles away?
Posted on 5/10/18 at 6:59 pm to cberni1
quote:
Out of curiosity, did you get an email that someone was using your account or did you get a new camera and someone contacted you?
I saw the charge on my CC and checked my account.
For some reason Nest lets you enter an email different from your standard one to notify you of updates for your order and they just entered my email with a 1 entered at the end of it.
They were able to use the CC stored on my account, and they don't ask you to put in the 3 digit code or anything.
Posted on 5/10/18 at 8:40 pm to barry
quote:
They were able to use the CC stored on my account, and they don't ask you to put in the 3 digit code or anything.
Am I assuming you have some sort of paid for cloud storage?
I have just a Nest Thermostat and no CC is required.
Posted on 5/10/18 at 8:44 pm to 50_Tiger
quote:
Am I assuming you have some sort of paid for cloud storage?
yea, still would think they would require something to buy cameras
Posted on 5/11/18 at 8:36 pm to barry
quote:
And shipped it to a city 300 miles away?
Well you were really fricked up.
Posted on 5/12/18 at 7:12 am to Giantkiller
quote:
Maybe you just got shithoused and ordered a camera...
I did that with a Sonos speaker once. Decided I needed another Play 1. But I actually had it sent to my house.
Posted on 5/12/18 at 7:42 am to barry
quote:
just move to a password management system.
Last pass
Posted on 6/13/18 at 9:03 am to barry
can you possibly track down the address where it's supposed to be delivered?
Posted on 6/29/18 at 5:15 am to 50_Tiger
How would they get other passwords using the IP traffic? I’m a Mac user and passwords are encrypted by device. Just because they have the Nest account password doesn’t mean they can access my WiFi traffic, right? I also have an eero which is significantly more secure than most standard routers out there.
Sorry guys the same thing that happened to OP happened to me and i found this thread by Googling. Only difference is, the camera was ordered and sent to my house, which freaks me out. Either they made a mistake to and didn’t enter their shipping address or something more nefarious was going on. Like they ordered the camera, expected me to think “Cool, free gadget,” and set it up so they could monitor wherever I put it.
(If it helps I had two roommates at FSU who were grad students from LSU. They were from Shreveport.)
Sorry guys the same thing that happened to OP happened to me and i found this thread by Googling. Only difference is, the camera was ordered and sent to my house, which freaks me out. Either they made a mistake to and didn’t enter their shipping address or something more nefarious was going on. Like they ordered the camera, expected me to think “Cool, free gadget,” and set it up so they could monitor wherever I put it.
(If it helps I had two roommates at FSU who were grad students from LSU. They were from Shreveport.)
Page 1 of 1
Popular
Back to top
Follow TigerDroppings for LSU Football News