‎User account compromised and SimpliSafe won't fix it | SimpliSafe Support Home
Skip to main content
 
markdiana's profile

markdiana

4 Messages

User account compromised and SimpliSafe won't fix it

We had installed a system at our elderly parents' home in another state and added it as a second location in our account (Dad's House). Last week, a relative who was at his house (he lives in the area) called customer service and gave them our email address (which he knew because we are relatives), the address of Dad's house, and the base station serial number. They authorized him and moved the system over to his account and removed it from ours.

We called customer service when we found out, and they acknowledged it was our account (we gave them our identifying information and were able to give them the relative's email address) and began the process of moving it back to our account. However, an email was generated alerting the relative of the change. He called in, talked to a Supervisor, and locked down the account by requiring the safe word before any account changes could be made. This was while we were on the phone with customer service, and the agent told us he was calling while we were talking.

At that point, SimpliSafe told us they can't do anything because we don't know his account information and can't be authorized to make changes to the account. This was during the first call to customer service. Eventually, they gave us the CEO Office account email to escalate it to them. They told us only customer service could fix it. Customer service tells us that only the CEO team can fix it. Both of them tell us they can't do anything because we don't know the account information.

It is unimaginable that a security company could allow a breach of a user account, acknowledge that breach, and refuse to fix it, leaving the account with the person that impersonated us (which is a breach of the Terms of Service, so his account should be cancelled). Beware of any situation like this you may be open to. SimpliSafe will not make it right.

SimpliSafe, if you're listening, please reach out to make this right.

Post

 • 

Updated 

88

3

0

This conversation is no longer open for comments or replies and is no longer visible to community members.

Official Response

simplisafe_admin

Community Admin

 • 

1.8K Messages

Hi @markdiana -

 

One of our Specialists sent you an email on this situation and shared next steps, so we encourage you to review that message to proceed. Our team is happy to talk live about next steps as well.

 

We take our customers' security and privacy very seriously, and that includes the way we manage account access. This situation is no different, and we encourage you to refer to the email thread so our team can assist you further. Thank you!

1

0

markdiana

4 Messages

Thank you for responding. We received an email from one of your specialists, and the information they provided was the same as what we've been told all along. That is, you are refusing to restore our access to the account and leaving it in the hands of the relative that hacked into it and stole it. It's worse than that. We are now being told that we need a power of attorney from my father-in-law to access an account that was never his to begin with. The email also characterized this as a family dispute. It is not a family dispute; it is account theft. The fact that it was relative that hacked into and stole the account does not change that fact. Consider the analogy of a bank account. Even in a family dispute, do you think a bank would allow a relative to steal an account and keep it simply because they are a relative?

As additional evidence, we are still receiving notifications from the SimpliSafe app whenever one of the cameras we installed there detects motion. But of course we can't access that camera, but it was ours to begin with. 

This is still an intolerable situation. I appreciate your response, but until this issue is resolved satisfactorily, I will never recommend SimpliSafe to anyone.

0

markdiana

4 Messages

Beware. SimpliSafe has told us the relative who stole the account is the rightful owner. If someone hacks into your account, you're screwed. SimpliSafe will not fix it.

2

0

captain11

6.6K Messages

@markdiana​ You need to escalate this to a manager. Start by calling support, get an agent and tell them up front you want a call back from a manager. I understand why you are upset but if the relative knew the safe word in the first place, that is, so to speak, the keys to the kingdom, especially with the serial number.

The nuclear option, which you won't like, is to purchase a small starter system with a base and keypad, have it shipped to you , pay for it and then take a hammer to the old base, register new account and make sure that relative never sets foot in your father's house again.

Good luck and post your outcome here if you get a chance.

(edited)

0

markdiana

4 Messages

Captain,

We escalated this all the way to the CEO's Office and got absolutely nothing. We're dealing with the family dynamics, but that's really beside the point. Imagine if this were a bank account, not a SimpliSafe user account. What do you think the bank's response would be to someone hacking into your account? I don't have to imagine because it's happened to me, and I know what the bank does. It helps you get your account back and secure it against future compromise. SimpliSafe, on the other hand, gives the account to the hacker. That's the real issue here, not our jerk of a relative.

0

dlpsr

1.7K Messages

@markdiana 

Looks like the only way is replace the base station, and guard the safe word like it's gold, even if it isn't. Unfortunately parents need it for SS monitoring calls if they have monitoring.

Even if SS asks and they don't often enough, it's not security. Pins or lengthy passwords are security with an actual second factor (2fa) that only you could have on your phone. ie: Google authenticator etc.

Then the safe word meets calls from monitoring only.

Ebay; Simplisafe I think sells starter refurbished kits for $49.99 cheaper maybe from other unknown eBay suppliers.🤷

The issues though will be that the cameras are linked to the original base.

So you still have a quandary.

Unless you can physically access the system ok, parents have full control via the app and then remove and reset the cameras before smashing the old base station.

The hassles of calling and canceling the monitoring, going thru the retention dept.

And then adding the new base as the primary system.

Quite a trip.

Then you'll have to add all sensors and cameras to the new base. And potentially be back at square one.

I didn't see anywhere above, but it was a lot to read.

If Simplisafe didn't ask problem relative for the safe word, that was a breach of their own supposed security practices. Anyone can read a serial number.

I do know that CEO Escalations have called me, asked some silly verification questions, asked for the base serial # or a camera serial #. All of which if parents have that data accessible.

Except things like last four social security number, or last four CC number for the account. If parents have access and gave it to relative. Well you can see where I'm headed.

Serial #s, only proves I'm in the house, not that I'm the actual owner of the system. Lacking in security IMHO.

Frankly, I can't remember when SS has asked me for the safe word in recent times and when they called me. I do self monitor but that's irrelevant for actual security.

If they did ask and the relative got the safe word and relavent info from parents, that's a different ending and meets what Simplisafe considers security.

You could try reaching out to an attorney against the relative or SS or file a consumer complaint with your States AG online against SS, maybe Simplisafe will then assist in a resolution.

And maybe not. AGs are fickle and don't like being used as your personal attorney.

You could escalate, report it a theft by deception to that local police department.

Or explore a system with better actual 2fa security. Many banks are just as vulnerable.

Good luck!

0

0

New to the Community? Get started by reading our Welcome Article and please be sure to review our Community Guidelines before posting.

Related Conversations

Loading...

Was this post helpful?