Man says thermostat was 'hacked', urges app users to check passwords

APEX, N.C. -- When Jonathan Schisler saw the temperature on his Nest thermostat reach nearly 90 degrees recently, he knew something was up.

"I immediately blamed my children that someone had turned up the thermostat," said Schisler, who lives in Apex. "Everything is connected to Alexa so I thought maybe she overheard me say 'set the temperature to 90 degrees.' I ruled all those things out."

Instead, the issue was with his password- a reminder of how easy it is for hackers to get and use passwords people think are private.

"It's a little unsettling," he said. "Fortunately I don't have Nest cameras or the Nest doorbells where they could look in on what we're doing."

Nest manufactures smoke detectors, security systems, smart doorbells and thermostats.

Nest said it hasn't been breached. Instead, the company, which is owned by Google, said Schisler's password was breached on another website. For example, he was using the same password for his Nest thermostat that he used for another site.

Schisler doesn't know yet where the password was breached

"In nearly all cases, two-factor verification eliminates this type of security risk," a Google spokesperson said. "We take security in the home extremely seriously, and we're actively introducing features that will reject compromised passwords, and allow customers to monitor access to their accounts and track external entities that abuse credentials."

"I use the two-factor verification for most everything else," Schisler said. "I just never thought about going back to the apps I've used for the last eight years. The message I have for people is to check your passwords and always say yes to two-step authentication."
Copyright © 2019 WTVD-TV. All Rights Reserved.