My Sonos System has been Hacked. No help from Sonos

Your post doesn’t make much sense, with my worldview of Sonos. The only possible access they’d have, if you’ve changed your WiFi password, is via Spotify Connect, which is easy to break, by playing any other streaming service, other than Spotify.

The last ‘hacking’ incident I’d heard of was back when people had their Sonos exposed on the wrong side of the DMZ on their router. I don’t know of any other way, currently, of ‘hacking’ a Sonos system, a person, given that you’ve changed your WiFi password, just doesn’t have the capability to access your Sonos system. 

What about play.Sonos.com?

I’d not heard of any hacking through play.sonos.com, either. 

In response to your writing

”The only possible access they’d have, if you’ve changed your WiFi password, is via Spotify Connect, which is easy to break, by playing any other streaming service, other than Spotify.”

Known or weak Sonos account password possibly  

More likely by telling Tom, Dick, Harry & their dog the Wi-Fi password.

If Spotify Connect is involved:

Think your account’s been hacked? - Spotify

How to log out of Spotify - Spotify

I would agree, however they mentioned changing their Wi‑Fi password and disabling any potential Spotify Connect sessions. 
 

​@Florentina Michael wrote “I have changed all my passwords to my Wifi and Sonos”.

I'd wait for the incident and within 10 minutes of the start, capture the system information by submitting a diagnostic.

In every instance I have seen here Sonos support was able to determine what started the playback. Without the tmely diagnostic data accurate diagnosis is much more difficult, if even possible.

The one thing I haven't seen is the reporting of a method of illicit access to a Sonos system via Sonos hardware or software on a properly secured network.

This is just simple password neglect. Change your password and/or stop giving it to everyone. Even if you gave it to one person you can’t account for their lack of knowledge to prevent security breaches. 

BTW...it may not just be your Sonos password. Your entire network could have been hacked so you may want to change its password as well.

Have you ever used “Login with Sonos” on anything other than the Sonos app? eg Audio.Report or some third party Sonos apps (not mine though). If so, you have given full and permanent access to that service to your Sonos system. Changing your Sonos password won’t break this connection.

If that service got hacked then the hackers will have full and permanent access to your system.

Sonos still do not have a way of un-registering 3rd parties from their authentication service.

I thought it was possible to contact Sonos Support and ask them to remove the authorisation - that said, I do agree that there ought to be a way for a user to be able to revoke any authorisation, perhaps a suitable place to do that would be in the users online Sonos account settings. 

The fact it’s not (easily) available, has made me hesitant to sign up and try some 3rd-party Apps.

“Login with Sonos”? Never seen this.

​@Florentina Michael Sonos should be able to see what device is being used to turn the volume up. If it happens again send in a diagnostic immediately.

This is the first post from the op. It’s 20 hours since they posted, there’s been 13 replies, and no response yet from the op. Odd…

It’s how third parties can get access to your Sonos system for integration purposes: https://docs.sonos.com/docs/authorize

They may not respond as they may have realized it may have been their fault for sharing their password. On the other hand it could have been a full blown network hack via other means such as clicking on a link.

I see. Thanks.