According to Forbes, the discovery was made by a company called Checkmarx, whose tools test the security of soon-to-be released software.
The hack exploits Alexa’s in-built function to listen out for follow-up commands from the user – for example, it might ask did you mean pm or am when you asked to set an alarm for a certain time.