Nest has identified some accounts that may be vulnerable to unauthorised access. If you received one of these emails, you should change your password immediately. For greater security, enable two-step verification on your account. See below for additional recommendations to check settings and options in the app.
For customers who received a password change email on or after 19 December 2018, the sender of the email that you received is firstname.lastname@example.org.
For customers who received an email before 19 December 2018, the sender of the email that you received is email@example.com. This is the address that Nest uses for product announcements, promotions and other communications.
Why did I get the email?
We believe that we’ve discovered your Nest Account email address and password in a public list of credentials that were stolen in data breaches.
None of these breaches involved Nest. But you may have used the same email address and password to log into a different account or website, and those credentials may have been compromised.
How did you find my credentials online?
Nest proactively monitors publicly leaked password databases and checks to see if any entries match your Nest Account credentials.
If you received an email from Nest, it means that one of these public databases included the password that you use to sign in to your Nest account.
Where can I check this information myself?
Third-party websites like haveibeenpwned.com let users check their email address and see a list of breaches.
Was Nest's data breached? Was my account hacked?
We invest significant resources in data security and, to our knowledge, Nest infrastructure was not breached.
If you’re using the same credentials to sign in to your Nest account that you use to sign in to other websites, one of the other sites may have been compromised or your password may have been stolen. Common causes of password theft are phishing emails or websites, malware and using a password on a website that has been compromised. Any website or account that uses the same credentials may be vulnerable to unauthorised access.
What should I do?
Protect your Nest account
Check settings and options in the Nest app
- From the app home screen, select Settings and make sure that nothing has changed.
- Ensure that there is nobody added as a Family Accounts member who shouldn't be there. For more information about Family Accounts, including instructions on how to remove someone's access from your home, see the following article: Learn about Family Accounts and how to share access to your Nest home.
- Ensure that you recognise all the Works With Nest connections in each home in your account. For more information about Works With Nest, including instructions to remove a Works With Nest connection, see the following article: Learn about Works with Nest.
Update your credentials for other websites and accounts
- Change your password on each account that uses the same credentials as your Nest account
- If the other accounts support additional security, such as two-step verification, take advantage of these options
Tips for password security
- Use a unique password for each website and account
- Change your passwords regularly
- Use strong passwords (at least 8 characters, with capital letters, numbers and symbols)
- A password manager like Smart Lock from Google can help you keep track of your current passwords