In this case, it wasn’t even that Nest had an insecure device, though that is often open to debate with Internet of Things devices. No, this was all about reusing passwords.
“The method used to spy on the Thomases is one of the oldest tricks on the Internet. Hackers essentially look for email addresses and passwords that have been dumped online after being stolen from one website or service and then check to see whether the same credentials work on another site. Like the vast majority of Internet users, the family used similar passwords on more than one account. While their Nest account had not been hacked, their password had essentially become public knowledge, thanks to countless other data breaches.
In recent years, this practice, which the security industry calls “credential stuffing”, has gotten incredibly easy. One factor is the sheer number of stolen passwords being dumped online publicly. It’s difficult to find someone who hasn’t been victimized.
A new breed of credential-stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes.”
So how do you avoid this? First, just go ahead and assume that some website that you use has been breached and your username and password for that site are out there somewhere.
Once you assume that, of course, it now seems silly to use the same one on multiple sites, no? So don’t do that.
But how will you remember all those different passwords?
That’s what password managers are for. Use one. Have it remember the passwords for you. When you hear of a site being breached, change that password, and relax in the comfort of knowing that that password won’t work anywhere else.
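To see how far one breached password reaches, here is an added example (not part of the original post) that audits a password manager export for reuse, including the "similar" passwords the quoted article mentions. The CSV column names, the `.example` sites, the sample credentials and the similarity heuristic (lowercase, then drop trailing digits and punctuation) are all assumptions made for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export (site,username,password); not real credentials.
SAMPLE_EXPORT = """site,username,password
nest.example,pat@example.com,Sunflower42
forum.example,pat@example.com,sunflower42!
music.example,pat@example.com,Sunflower2019
bank.example,pat@example.com,vT9#qLm2xW!eR7
shop.example,pat@example.com,k3Yp&zD8sQ1u
"""

def normalize(password):
    """Assumed heuristic for 'similar' passwords: lowercase, then strip
    trailing digits and punctuation. Falls back to the lowercased password
    when nothing is left, so all-numeric passwords are not lumped together."""
    lowered = password.lower()
    base = re.sub(r"[\W\d_]+$", "", lowered)
    return base or lowered

def load_entries(text):
    """Parse the export into a list of dicts keyed by the CSV header."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(entries):
    """Sites that share a password or a close variant (groups of 2+)."""
    groups = defaultdict(list)
    for e in entries:
        groups[normalize(e["password"])].append(e["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_by_breach(entries, breached_site):
    """Other accounts to change when breached_site leaks its passwords."""
    bases = {normalize(e["password"]) for e in entries
             if e["site"] == breached_site}
    return sorted(e["site"] for e in entries
                  if e["site"] != breached_site
                  and normalize(e["password"]) in bases)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    print("Reused or similar:", reuse_groups(entries))
    print("If forum.example is breached, also change:",
          exposed_by_breach(entries, "forum.example"))
```

With unique generated passwords, as for the two accounts at the bottom of the sample, a breach of one site exposes no other account.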