I've been using Homebridge successfully for quite a while now and really like it (thanks!). Lately however I've noticed some activity that I did not initiate. At first I thought I accidentally controlled some devices but the latest round was clearly not from me. All the logs show the controls being initiated from 127.0.0.1 and look exactly like they do when I use Siri or the Home app.
I've disabled Homebridge for now but need to find a more permanent fix. Any ideas on how I can get more info about where the actions were initiated; i.e. An IP address? Which password, if any, was likely compromised- AppleID or Indigo? I'm trying to learn more about how this actually works to understand any vulnerabilities and any help would be much appreciated.
Thanks!
--Dave