PanicStation.org
UK USA
us Technology & digital loss smart device acting strange • smart home behaving oddly • iot device hacked • smart speaker hacked • smart camera hacked • smart thermostat hacked • smart lock acting up • doorbell camera hacked • alexa acting weird • google home acting weird • homekit acting weird • device account takeover • someone accessed my smart account • unauthorized smart device control • suspicious device automations • unknown users on smart home • router may be compromised • wifi network may be hacked • account controlling device accessed • smart device privacy breach

What to do if…
your smart device starts behaving oddly and you suspect the account controlling it was accessed

Short answer

Cut off remote access first (power it down or take it offline), then secure the controlling account from a separate, trusted device by changing the password, logging out all sessions, and turning on 2FA.

Do not do these things

  • Don’t keep the device online while you “poke around” to see what happens.
  • Don’t factory reset before securing the controlling account (unless you’re locked out and the provider’s recovery steps require it).
  • Don’t reuse passwords or make a “slightly changed” version of an old password.
  • Don’t trust emails/texts with links to “verify” or “fix” your account — go to the provider directly.
  • Don’t share one-time codes with anyone (even “support”).
  • Don’t ignore it if you see new users, new routines, or device settings you didn’t change.

What to do now

  1. Stop remote control quickly (30–60 seconds).

    • Unplug the device, remove batteries, or power off the hub/bridge.
    • If it impacts safety (locks/alarms), switch to manual backups (physical keys/manual controls).

  2. Secure the controlling account from a trusted device.

    • Change the password to a long, unique one.
    • Use “sign out of all devices” / “log out of all sessions.”
    • Turn on two-factor authentication (2FA) (an authenticator app or security key is often stronger than SMS if you have the option).

  3. Secure the email account used for password resets.

    • Change email password, sign out everywhere, enable 2FA.
    • Check for unauthorized forwarding, filters, or recovery email/phone changes.

  4. Remove unknown access inside the smart-home platform.

    • Review household/home members, shared users, guests, and linked services (voice assistants, third-party integrations).
    • Remove anything you don’t recognize, including older phones/tablets you no longer control.

  5. Remove attacker “persistence” inside automations and settings.

    • Check routines/automations/scenes, camera/mic permissions, and notification settings.
    • Delete unfamiliar automations (e.g., camera turns off at night, door unlock routine, unexpected geofencing rules).

  6. Secure your home network essentials (common path into smart devices).

    • Change your router admin password (not just Wi-Fi password).
    • Update router firmware (enable auto-updates if available).
    • Disable WPS (Wi-Fi Protected Setup).
    • Change Wi-Fi password; reconnect only devices you still use.

  7. Only after account security: reset and re-pair the smart device.

    • Factory reset the device/hub/bridge, then set it up fresh under the secured account.
    • During setup, apply updates immediately and avoid default/admin credentials.

  8. Write down what happened (simple record).

    • Date/time, symptoms, login alerts, new users/devices, and any screenshots.
    • Keep it ready for device support, your bank, or a report.

  9. Escalate appropriately if money, identity, or ongoing crime is involved.

    • If there’s financial fraud: contact your bank/card issuer right away.
    • If personal information may have been used for identity theft (new accounts, bills, credit alerts), consider using IdentityTheft.gov to get an official recovery plan.
    • If you want to report cyber-enabled fraud or cybercrime to federal authorities, file with the FBI’s IC3:
      • Safest approach: type the address directly in your browser (ic3.gov or complaint.ic3.gov) rather than clicking ads or search results.
      • Be cautious of anyone claiming to be “IC3/FBI support” who asks for money or one-time codes.

What can wait

  • Buying replacement devices or changing your whole smart-home ecosystem.
  • Deep forensics or trying to “prove” exactly how it happened.
  • Making big decisions about closing accounts, unless you can’t regain control or there’s ongoing fraud.

Important reassurance

Smart devices can misbehave for non-malicious reasons (updates, outages, buggy automations). The steps above are still the safest because they shut down the highest-impact risks: continued access, privacy exposure, and account lockout.

Scope note

This is first-step containment and recovery. If you see repeated re-entry, multiple compromised accounts, or signs your computer/phone is infected, you may need device-support escalation and professional security help.

Important note

This is general information, not legal, technical, or financial advice. If you feel unsafe or the incident connects to harassment or threats, prioritize personal safety and seek appropriate help.

Additional Resources
Support us