Amazon and Google both offer smart speakers that provide a variety of services based on voice activated commands. They also both allow third party developers to create voice apps utilizing the functionality of these devices. In the past there have been concerns over employees of Amazon or Google utilizing the always on microphone feature to eavesdrop on users. With third party developers being allowed to create and deploy apps for these devices the concern is multiplied by every third party app developed.
While Amazon and Google have vetting protocols in place to ensure that criminals can not publish malicious apps for these devices, recently Security Research Labs found two possible hacking scenarios that apply to Amazon Alexa and Google Home. You can see a full description of both these hacks here https://srlabs.de/bites/smart-spies/
SRL reported these hacks to Amazon and Google before they made them public, so that the companies could work to resolve these issues. As with all connected devices criminals will attempt to use these smart speakers to gain valuable information. Keep in mind that unless you have muted or unplugged these devices the microphones are always on. These devices should never request your password, and if they do you should log into your account from another device to confirm the request. Also using 2 factor authentication for accounts linked to these devices will help to mitigate security concerns.