Personal Safety Tech

Has Your Smart Home Been Hacked?

When the cameras pan on their own, the thermostat swings, the lock chirps at odd hours, or the lights flick off while you are in the room, it is unsettling in a way a frozen laptop never is, because it is happening inside the place you are supposed to feel safest. Most smart-home compromises are not a faceless hacker in another country. They are far more often someone who already knew the setup: an ex, a former roommate, the person who sold you the house, or the installer who never handed over full control. This guide walks through the real signs, a safe order to lock everything down, and the part nobody else covers, lawfully identifying who actually has access so police have a name to act on. If you feel unsafe right now, stop reading and call 911.

Safety First Identify Who Has Access Since 2004
911 FirstIf You Feel Unsafe
Someone KnownMore Often Than a Stranger
Who, Not Just HowThe Part Others Skip
Since 2004Lawful Skip Tracing

The Short Version

Safety comes before everything else. If a current or former partner controls your locks, cameras, or thermostat, treat it as a safety issue, not just a tech problem: call 911 if you are in danger, and reach the National Domestic Violence Hotline at 1-800-799-7233 to build a plan before you change anything, because a sudden lockout can provoke retaliation. The common signs of a compromised smart home are devices acting on their own, camera lights or movement you did not trigger, logins and settings that change without you, unfamiliar devices on your Wi-Fi, and a router or app that shows access you cannot explain. To lock down, reset the router, revoke every device and shared account, turn on two-factor on the accounts that run the home, and update firmware. Then comes the question vendor guides never answer: who actually has access. People Locator Skip Tracing helps you lawfully identify the person behind a shared account, an unknown login, the installer, or the prior owner, so your report carries a real name the police can pursue.

Watch: Is Your Smart Home Compromised?

What the signs look like, and the safe order to respond.

▶ Video Overview

If This Could Be Someone You Know

When a person controls your home remotely, it is a safety issue first.

Before any technical step, be honest about who could be doing this, because the answer changes what is safe to do next. If a current or former partner set up your smart locks, cameras, thermostat, or speakers, the same access that runs the home can be turned into a weapon: doors locked or unlocked from afar, the heat cranked uncomfortably high, cameras and microphones used to watch and listen, lights and music switched to unnerve you. This is a recognized form of domestic abuse, and the cruel part is that the person who installed the system often keeps control the other person cannot override. If that describes your situation, treat it as a danger to your physical safety, not merely a privacy nuisance.

Lead with a plan. If you are in immediate danger, call 911. To think it through with someone trained in it, contact the National Domestic Violence Hotline at 1-800-799-7233, which is confidential and available around the clock, and review the safety resources from the U.S. Department of Justice Office on Violence Against Women. One warning the vendor articles never give: if an abuser is watching the system, suddenly changing every password or factory-resetting a device can tip them off and escalate the situation, so the lock-down steps further down this page should follow a safety plan, not precede it. Preserve what is happening as evidence, screenshots of the alerts, logs of when devices acted up, photos of the panels, because that record is what lets police and a protective-order petition treat it seriously.

The Signs of a Compromised Smart Home

One quirk can be a glitch. Several of these together is a pattern.

Devices Act on Their Own

Lights, plugs, the thermostat, or a robot vacuum switch on or change settings when no one in the home touched them.

Camera Light or Movement

An indoor camera pans, tilts, or follows you, or its LED blinks when you did not open the app. Pay attention to a camera that activates while you are home.

Logins or Settings Change

Passwords, two-factor settings, notification preferences, or geofences change without you, or you get sign-in alerts from places you have never been.

Unknown Devices on Wi-Fi

Your router or app lists connected devices with names you do not recognize, or far more devices than your household actually owns.

Voices or Audio You Did Not Start

A speaker or camera plays sound, a voice assistant responds to commands no one gave, or you hear talking through a baby monitor or doorbell.

Odd Data Use or Slow Wi-Fi

A camera uploads far more data than usual, especially when no one is home, or the network drags because something is streaming you cannot see.

Who Usually Has Access

Smart-home intrusions are rarely anonymous. Start with the likely list.

The image of a hooded stranger breaking in from across the world makes for dramatic headlines, but it is not where most smart-home trouble starts. The far more common reality is that the access was handed out, openly or quietly, to someone with a connection to you, and never fully taken back. Working through that list calmly is more productive than imagining a phantom intruder.

A current or former partner. If they set up the hub, the app, or the accounts, they may still be a member, an admin, or simply know the master password. Shared logins from a relationship rarely get untangled cleanly at the breakup.

The person who sold you the house. Built-in cameras, doorbells, thermostats, and locks are frequently left paired to the previous owner’s account at closing. Until the device is fully removed from their account and factory-reset, their app can still see and control it.

The installer or smart-home contractor. A professional who configured the system sometimes retains an administrator profile or a service account that was never revoked once the job ended.

A former roommate, guest, or family member. Anyone you once added for convenience, a houseguest given the Wi-Fi password, a roommate added to the camera app, an adult child with the door code, keeps that access until you remove it.

A genuine outside attacker. This does happen, usually through a reused or breached password, a default device password never changed, or an unpatched device, which is why the lock-down steps matter even when you suspect someone you know. The point is not to accuse anyone; it is to narrow the field so the technical cleanup and any report to police are aimed at the right person.

How to Lock It Down

Do these in order. If safety is a factor, follow your plan first.

Once you are sure it is safe to act, work outward from the network so a locked-out intruder cannot simply slip back in through a device you cleaned earlier. Reclaiming the router first cuts off the path everything else rides on.

1

Reset and Resecure the Router

Change the router admin password and the Wi-Fi password, switch on WPA2 or WPA3 encryption, and update its firmware. If you never changed the factory login, factory-reset it. This evicts anyone riding your network.

2

Revoke Every Device and Guest

In each device app, review members, shared users, and linked homes, and remove anyone you do not recognize or no longer trust. Factory-reset cameras and locks that may still be paired to a prior owner or installer.

3

Change Passwords and Turn On 2FA

Set a new, unique password on every account that controls the home, the camera app, the hub, your email, and enable two-factor authentication so a stolen password alone is no longer enough to get back in.

4

Update Firmware, Then Recheck

Install pending updates on every camera, lock, hub, and plug, then re-open each app and the router list to confirm no unknown sessions or devices reappear. Keep documenting anything that does.

What to Document Before You Reset

A factory reset wipes the very evidence that proves what happened.

Resetting devices is necessary, but it also erases the logs that show someone else was in control, so capture the record before you wipe anything. On the account side, screenshot the member and shared-user lists in every smart-home app, the login or security-alert history that shows sign-ins from unfamiliar locations or times, and the account email and any phone number tied to a profile you do not recognize. On the device side, photograph the panels and the app screens, save event timelines that show devices acting at hours no one was home, and note the names of any unknown devices on your router along with their hardware addresses if the router exposes them. On the context side, keep a simple dated log of each incident, what happened, when, and where you were, plus any messages, calls, or comments from a suspected person that reference details only someone watching the home would know. Store all of it somewhere the smart-home system cannot reach, a different cloud account or a printout, and consider checking what an outsider can already learn about you by reviewing how an address gets pieced together from public records, because the same exposure that helped them target you is worth closing. This file is what turns a vague worry into something police, a locksmith, or a court can act on.

Stopping It vs Identifying Who

Securing the home and naming the person are two different jobs.

GoalWhat It SolvesWhat It Cannot Do
Reset the routerCuts off network access for anyone riding your Wi-Fi.Does not tell you who was on it or stop a re-added account.
Revoke and re-pair devicesRemoves shared users and prior-owner pairings from each device.Does not reveal the real person behind an unknown profile.
Change passwords and 2FABlocks reuse of stolen or remembered credentials.Does not name who used them or where they are.
Antivirus and firmware updatesCloses malware and known device vulnerabilities.Does not address access by someone you actually know.
Lawful identification UsResearches who is behind a shared account, login, installer, or prior owner so police have a named subject.Not a hack-back; we do not access accounts or devices, only lawful public records.

The vendor guides stop at the first four rows. They tell you to secure the home and assume the threat was a nameless stranger. But when devices keep misbehaving after a clean lock-down, or when the timing and the details point to a particular person, the question that actually protects you is the last row: who is it, and how do you prove it to someone who can intervene.

How the Person Behind It Gets Identified

Lawful public-records research turns a fragment into a real name.

From an identifier to a person. Most smart-home intrusions leave a thread to pull: an account email or phone number you do not recognize, the name of a prior owner on the closing paperwork, the business name of the installer, a username on a shared profile, or the contact details of an ex who set the system up. Each of those is a starting point. Through lawful public-records research and skip tracing, our investigation team works an email, a number, or a name into a verified identity, a current address, and known associates. The same approach behind connecting a phone number to a real person and identifying an unknown caller applies when the number is one that keeps appearing in your account’s login history.

From a person to proof police can use. Identification is not the end; it is what makes the rest possible. A named, located individual lets a detective open or advance a case, gives a court a respondent for a protective order, and supports a civil claim. Where the harassment spills beyond the home, our work on a suspicious vehicle seen on the property or tracing a plate back to its registered owner can corroborate who is showing up in person, and reviewing a person’s public social-media footprint can line their movements up with the timestamps in your device logs. We work strictly for lawful, permissible purposes. We never hack, never access an account or device, and we tell you honestly what the records can and cannot establish. If your goal is also to harden yourself against being found and watched again, our guide on reducing your own searchable footprint is a practical next step.

What Identification Realistically Looks Like

Honest limits, and where research genuinely moves the needle.

It would be dishonest to promise that every mystery login resolves into a named culprit, and anyone who guarantees that is overselling. A pure outside attacker who used a one-time breached password and a borrowed network may leave nothing a public-records search can reach, and that is the honest case. But that is also the less common case. When the access traces back to someone with a real-world tie to you, an ex, a prior owner, an installer, a former roommate, there is almost always a documentary trail: property records that name the seller, business filings that name the installer, and the account identifiers you preserved before resetting. Those are the threads that lawful research follows well.

Set expectations accordingly. The strongest outcomes come from cases where you acted early, kept the evidence, and could hand over a concrete identifier rather than a hunch. Identification supports, but does not replace, the work of law enforcement; the goal is to give them a name and a location solid enough to act on, not to take the matter into your own hands. There is no confrontation, no surveillance of anyone, and no vigilante step in any responsible version of this. The lawful path, document, secure, identify, and report, is the one that actually holds up.

Who People Locator Skip Tracing Helps

We identify the person behind the access, lawfully, so a report has teeth.

Homeowners

Trace a prior owner still on a device

Renters

Identify a landlord or prior tenant’s access

Abuse Survivors

Name an ex who still controls the home

Attorneys

Locate a respondent for a protective order

Property Managers

Confirm who an old service account belongs to

Anyone Targeted

Put a name to an unknown login

Whatever fragment you have is worth sending, even if it feels like nothing: an unfamiliar account email, a phone number from a login alert, the name of the people you bought the house from, the company that wired the place, or a username on a shared device. Our team researches it lawfully and tells you plainly what the public record supports. The same skill set powers our broader people-search work and full skip tracing services, and we apply it here only for legitimate, permissible purposes, never to help anyone surveil another person. For a legitimate matter, an initial locate typically comes back within 24 hours.

Our Commitment

We do not hack, access your accounts, or sell guaranteed answers. We do the lawful research most guides skip: identifying the real person behind a shared account, an unknown login, an installer, or a prior owner, so your report and any protective-order or civil action carry weight. Honest, permissible-purpose skip tracing since 2004.

People Locator Skip Tracing Investigation Team – investigators conducting skip tracing and public-records research since 2004, working lawful, investigative-grade sources for legitimate purposes only. Last reviewed 2026. This page is general information, not legal advice, and is not a consumer report; People Locator Skip Tracing is not a consumer reporting agency.

Frequently Asked Questions

What are the clearest signs my smart home was hacked?

Watch for devices that act on their own, cameras that pan or light up when you did not open the app, logins and settings that change without you, unfamiliar devices on your Wi-Fi, voices or audio you did not start, and unusual data use. One quirk can be a glitch, but several of these together is a pattern worth taking seriously.

I think my ex is controlling my devices. What should I do first?

Treat it as a safety issue, not just a tech problem. If you are in danger, call 911. Contact the National Domestic Violence Hotline at 1-800-799-7233 to build a plan before you change anything, because a sudden lockout can provoke retaliation. Preserve the evidence, then follow a safety-aware lock-down sequence.

Why should I document everything before resetting my devices?

A factory reset wipes the logs that prove someone else had control. Before you wipe anything, screenshot member and shared-user lists, security-alert and login history, unknown device names, and event timelines, and keep a dated log of incidents. Store it somewhere the smart-home system cannot reach. That record is what police and a court can act on.

What is the right order to lock down a compromised smart home?

Work outward from the network. Reset and resecure the router first, then revoke unknown device members and re-pair anything tied to a prior owner or installer, then change passwords and turn on two-factor on every account that runs the home, then update firmware and recheck. If safety is a factor, follow your safety plan before any of it.

Who is most likely to actually have access to my devices?

More often than a faceless stranger, it is someone with a tie to you whose access was never revoked: a current or former partner, the person who sold you the house, the installer, or a former roommate or guest. Genuine outside attacks happen too, usually through reused or default passwords, which is why locking down still matters.

Can you identify who is behind an unknown login or account?

Often, yes, when there is an identifier to start from. Using lawful public-records research and skip tracing, our team can work an unfamiliar email, phone number, prior-owner name, or installer business into a verified identity and current location. We cannot guarantee a result for a pure outside attacker who left no real-world thread.

Will you hack the devices back or access the accounts to find out?

No. We never access accounts or devices and we never hack anything. Our work is strictly lawful public-records research and skip tracing to identify and locate a real person, used only for legitimate, permissible purposes. We do not help anyone surveil another person, and we are not a consumer reporting agency.

How does identifying the person help if police are involved?

A named, located individual turns a vague complaint into something actionable. It lets a detective open or advance a case, gives a court a respondent for a protective order, and can support a civil claim. Identification supports law enforcement rather than replacing it; there is no confrontation or surveillance in the lawful path.

Need to Know Who Has Access? Start Here.

We lawfully identify the real person behind a shared account, an unknown login, an installer, or a prior owner, so your report and any protective-order or civil case carry weight, typically with an initial locate within 24 hours. Contact us to get started.

Start Your Request →