A few days after an Illinois family told local news outlets about getting a scare after they heard racial slurs and curse words taunting them through their Nest security camera, Google has sent out an arguably vague email to Nest camera owners that alludes to incidents like that one without mentioning any details.
And the company also recommends steps that users can take to better protect themselves, one of which is Google trying to diplomatically tell users that the passwords they regularly choose are so bad that it makes their devices tempting targets for hackers — so, you know, reset your password to something better, post haste.
Right off the bat, near the top of the email, Google insists that Nest’s security itself has not been breached, but “customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials.
“For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.”
Thus, the email continues, most of you probably need to change your passwords to stronger ones. Specific steps Google recommends taking include enabling 2-step verification, choosing stronger passwords, setting up family accounts with Nest and keeping your home network protected. You can do the latter by making sure the home router software stays up-to-date and setting up a guest network if the router supports it.
A piece in The Verge today rightly takes issue with the vagueness in Google’s communication here, with the publication’s main beef being Google doesn’t spell out precisely why it’s sending out this email at this point in time and why people should redouble their efforts toward security.
What’s more, despite the recent incidents like the one we mentioned above involving troublemakers co-opting consumers’ cameras, Google doesn’t even mention the world camera at all in the email. “To be fair,” the publication notes, “it’s a lose-lose situation for Google, which isn’t exactly responsible for this problem and doesn’t want to scare people off.
“If the company clearly states precisely why now is a good time for you to enable 2FA, it might scare people away from buying its security cameras. People might not realize that, no matter how hardened a camera’s security might be, it only takes one data breach anywhere in the world to expose a username and password that you might have used on your Nest camera as well. At that point, hackers don’t need to hack: they just log in with your own account.”