Apple Watch makes sure to show up passcode authentication if removed from your wrist, and disconnected from your iPhone. However, this protection can be bypassed, go through a complete reset and be reused by anybody who holds it.
In a YouTube video by iDownloadBlog, they demonstrate, the whole procedure. It is known that iPhone is protected from getting reactivated without the credentials of Account configured on it. Looks like similar thing is missing or have a bug which is helping to bypass the whole security thing.
In the video, the maker demonstrates :
- Long-press the button on the watch until you get a power off option.
- Now long press Power Off option and it gives another option to erase all content and setting.
- Now, if you say yes, this doesn’t execute right away until you place it for charging.
This is a very serious concern right now, and I am sure Apple will get an update out for this. Till then you really need to take care of the watch as there is no “Find my Phone” like feature for watch as it misses the direct ability to connect directly.