Vulnerabilities and attack vectors were only a matter of time for these types of devices.  Please read the article closely and note that only older (pre-2017) devices are vulnerable and physical access is needed.  You should be very cautious when buying a used device or a device from a 3rd party reseller.

https://www.infosecurity-magazine.com/news/alexa-hack-allows-continuous/