On Friday I received a message from Nest’s Security team. The message basically was a form letter saying my account may have been compromised and that I should change my password and enable two step verification immediately.
(As a note, I realize blogging on the internet sounds like shouting. I’m writing this while working on a Sony PCG-2C1L (later referred as the VGC-lt31n-lt39? series,) if I’m shouting I’m shouting at it.)
What’s weird about this is I don’t have a Nest account any longer. A little after Google integration happened I moved to the Goog and I believe that’s been a couple of months at this point. Maybe I’m mistaken.
The other weird thing was while I had previously had a Nest account, my password of Password1234 was one stronger… should have held.
I also had two step verification enabled back when I had it. So if they did have my credentials they should have hit the second step.
The rest of the information in the email was Nest account specific. Nothing they suggested could work with a Google integrated account.
There was no time of potential break in, no IP address, nothing I could act on and the security team did not reply back when I asked them what the deal was.
I contacted Nest support who came back and confirmed that email came from the security team but had no details. They are going to attempt to locate anything as to why a migrated Google account is getting a warning about third party logins on a service weeks after the move.
I checked on security.google.com and similarly, nothing unexpected.
Too Vague warning is too vague. Especially when the Nest account doesn’t exist any more.