Hackers breached the security of Verkada, a corporate surveillance video company, according to a report by Bloomberg. After this violation, it is claimed that live broadcasts can be accessed from more than 150,000 cameras served by the company.
After the incident, a reporter from Bloomberg contacted hackers who said they had access to hundreds of cameras in other companies such as Tesla and Cloudflare.
A Verkada spokesperson said in a statement regarding the attack, “We disabled all internal administrator accounts to prevent any unauthorized access. “Our internal security team and our external security company are investigating the scale and scope of this problem and we have notified the law enforcement agency.”
Hackers said they lost access after Bloomberg contacted the company. However, they initially stated that they entered the system via a “Super Admin” login that was exposed on the Internet, then used the built-in camera features to gain root access and remote control.
He had previously reported Verkada employees using security cameras in their offices to harass others and take photos of women they worked with. Now, hackers have obtained a spreadsheet of the company, describing the 24,000 organizations that use their cameras.
Verkada demonstrates its ability to provide secure remote access to camera feeds on its website, providing “real-time visibility into events on the sites. It also focuses on “video analysis” technologies based on facial recognition, identification and vehicle tracking using technology embedded directly in cameras.
One of the people in the group behind the violation told Bloomberg about this incident; “What happened shows how widely we are being monitored and, at least, how little care has been taken to secure the platforms used to do so, without pursuing anything but profit.”