The last couple of days, an attacker has succeeded to login to dozens of Nest cameras because its owners reused their password. Once logged in, the attacker used the speakers of the camera to demand from victims to subscribe to Youtuber PewDiePie. The attacker also asked to prove the subscribe by performing it while he watched on the cam.
Against Vice Magazine, the attacker stated he uses usernames and passwords that have been compromised in various data leaks. With this leaked login data the attacker then attempts to login to Nest accounts. This is sometimes possible, because some Nest owners use the same leaked login data for their Nest account, and possibly many other accounts. Once logged in, the Nest accounts provide live access to the Nest camera of the victim.
The attacker claims that with this method he obtained login data for 4,000 Nest accounts.
Nest users are advised to reset their password to a unique one, and to use two-factor authentication.