From experience, you really can't just take user reports at face value. There's almost always something there, but it may or may not be what the user thinks it is.
So it's a good idea to apply Occam's razor.
Digitizer/ghost touch is probably the simplest explanation.
The only thing the hacked/pwned idea has going for it is the "We are in control" message, which is still a bit marginal if the watch really was hacked. (None of the other posts mention this and why would a hacker type that message in? Could be because it's a practical joke or maybe part of a phishing attack, but those are tenuous and nothing else mentioned supports those.)
So it's a good idea to apply Occam's razor.
Digitizer/ghost touch is probably the simplest explanation.
The only thing the hacked/pwned idea has going for it is the "We are in control" message, which is still a bit marginal if the watch really was hacked. (None of the other posts mention this and why would a hacker type that message in? Could be because it's a practical joke or maybe part of a phishing attack, but those are tenuous and nothing else mentioned supports those.)