---

@jguerdat wrote:

I don't really think you were hacked 

---

It doesn't sound like it to me either.  It sounds to me like someone was actually close enough to the cameras to trigger them.

Are you using audio alarms?  Or only the video ones?  If audio alarms are enabled, someone outdoors could potentially trigger an alarm (just by being loud enough).

My homebase is not audio enabled, so no sound would have been able to trigger the alarm. 

Also, to clarify, this is not me "hearing" someone yelling through the camera and me hearing it through the app - this is the camera being remotely controlled (as if through the App), and someone speaking to me through my own cameras just as if I was using the App to talk through the cameras.  These cameras are located in my house, and someone was telling me they love my dogs THROUGH my own cameras....

This indicates to me that they can: 
A) See through the camera to know that I HAVE dogs.

B) Speak THROUGH my cameras just like I can through the app interface.

What leads you to believe this was not a hack?  I'd like to understand as much as I can about this scenario so that I can defend against it moving forward.

---

@UpsetUser13 wrote:

this is not me "hearing" someone yelling through the camera and me hearing it through the app - this is the camera being remotely controlled (as if through the App), and someone speaking to me through my own cameras just as if I was using the App to talk through the cameras. 

 

---

Thanks, that does clarify the situation - and does sound like a hack.  Take a look at the 2FA settings, and see if there are any trusted devices that you don't recognize.  Also look at the friend access, since that would bypass 2FA.

If nothing is wrong there, and changing the arlo password doesn't help:  That suggests that something else has been hacked, and that your arlo password is being picked up from that device.  For instance, if you use chrome with sync, it could be your google account.  It could also be that a PC or mobile device has been hacked.  So in this case I recommend running a malware scan on any PCs and changing other passwords.  

Thank you for confirming.  The only trusted device was my wife's phone, and she also received no 2FA notifications.  We don't permit access to any friends, so we're the only two it could have been.

What I find so strange about this is that even if I log in from my personal Laptop - it prompts me on my phone to 2FA verify the login.....  

I've recently updated all of my accounts and passwords and disabled them from being stored in Google.  I've also done the recommended Malware scans and have tightened up my security in any way possible.  Trust me, this was a crash course on Network Security so I've been trying to do everything I can to protect against it in the future.

Thank you for your help.

---

@UpsetUser13 wrote:

Thank you for confirming.  The only trusted device was my wife's phone, and she also received no 2FA notifications.  We don't permit access to any friends, so we're the only two it could have been.

 

What I find so strange about this is that even if I log in from my personal Laptop - it prompts me on my phone to 2FA verify the login.....  

 

---

So 2FA is working as designed.  Did you also double-check that there is no "friend" access?  (I understand you didn't set that up, but if someone did have access via the main account, it's an obvious back door).