PanicStation.org

What to do if…
your smart device starts behaving oddly and you suspect the account controlling it was accessed

Short answer

Pause remote control first: take the device (or hub) offline, then secure the controlling account from a different, trusted device.

Do not do these things

  • Don’t keep “testing” the device while it’s still online (it can give an attacker more time and more data).
  • Don’t factory reset until you’ve first secured the controlling account (unless the provider’s recovery steps require it because you’re locked out).
  • Don’t reuse an old password, a similar password, or a password you use anywhere else.
  • Don’t click “security alert” links in emails/texts about this incident; go to the provider’s website or app directly instead.
  • Don’t hand over one-time codes (SMS/authenticator) to anyone claiming to be “support”.
  • Don’t assume it’s “just a glitch” if you see new users, new routines, new devices, or login alerts.

What to do now

  1. Stop remote control quickly (30–60 seconds).

    • If safe to do so, unplug the device, remove its batteries, or power off the hub/bridge it uses.
    • If it affects safety (locks/alarms), switch to a manual backup if you have one (physical key, manual control).
  2. Use a different, trusted device to secure the controlling account.

    • Ideally use a phone/computer you trust, on a trusted connection.
    • Change the account password to a long, unique one.
    • Sign out of all other sessions/devices (look for “log out everywhere” / “active sessions”).
    • Turn on two-factor authentication (2FA / 2-step verification) for that account.
  3. Secure the email account that can reset that smart account.

    • If your smart-home account uses your email for password resets, secure your email next (password change, sign out everywhere, 2FA).
    • Check the email account’s forwarding rules / filters and remove anything you didn’t create.
  4. Remove unknown access inside the smart-home app.

    • In the app for the device/platform, look for Household/Home members, shared users, guests, or linked accounts.
    • Remove anything you don’t recognise (unknown people, unknown partner accounts, old phones/tablets you no longer have).
  5. Check for “new behaviour” that could be an attacker’s foothold.

    • Review automations/routines/scenes, notifications, and privacy settings.
    • Remove unfamiliar routines (for example: camera disabled at certain times, microphone enabled, lights changing at night).
  6. Lock down your home Wi-Fi basics (this matters for smart devices).

    • Log into your router admin page and change the router admin password (not just the Wi-Fi password).
    • Update router firmware (or enable automatic updates if available).
    • Disable WPS (Wi-Fi Protected Setup) if it’s on.
    • Change the Wi-Fi password and reconnect only the devices you still use.
  7. Only after the account is secure: reset and re-pair the smart device.

    • Factory reset the device/hub (and any bridge it depends on), then set it up again using the newly secured account.
    • During setup, don’t reuse old device PINs/default passwords; apply updates immediately.
  8. Document what you saw (lightweight, not forensic).

    • Note the date/time, what changed (e.g., “new user added”, “camera turned on”), and any screenshots of login alerts or device lists.
    • This helps if you need to contact support, your bank, or make a report.
  9. Get the right external help if money, identity, or safety is involved.

    • If you lost money or were scammed through this access, contact your bank/card provider immediately.
    • If you want to report fraud/cyber crime:
      • England, Wales, or Northern Ireland: report via Report Fraud (the national fraud and cyber crime reporting service).
      • Scotland: report to Police Scotland via their non-emergency route (or your local police service).
    • If the incident affects physical safety (e.g., smart lock/door access), treat it as a home security issue as well (change physical access codes/keys where relevant).

What can wait

  • Deep technical investigation, buying new devices, or redesigning your whole smart home setup.
  • Cancelling accounts you rely on daily (do that only once you’ve regained control and can do it calmly).
  • Deciding whether to make a formal report (unless you’ve lost money, sensitive data, or it’s ongoing).

Important reassurance

Odd smart-device behaviour can come from updates, outages, or misconfigurations — but taking the steps above is still the safest path because it prevents the most damaging outcomes (privacy loss, ongoing access, or lockout).

Scope note

These are first steps to stabilise and regain control. If you discover broader compromise (multiple accounts, bank access, repeated re-entry), you may need device-support escalation and specialist IT/security help.

Important note

This is general information, not legal, technical, or financial advice. If you feel unsafe, or the situation involves stalking/harassment or immediate home security risk, prioritise personal safety and seek appropriate help.
