Cloudflare told CNN Business on Wednesday that it was using Verkada systems to monitor access points and corridors for offices, and that Verkada had issued notices to the company that the cameras might have been compromised. According to Cloudflare, the data of its own customers was not affected by the Verkada violation.
“The cameras were located in offices that had been officially closed for almost a year,” the company said.
Okta, the identity management company and also a client of Verkada, told CNN Business that 5 Verkada cameras monitoring Okta’s office entrances were compromised. The incident did not disrupt the services of Okta’s own customers, said communications director Lindsay Life.
“After further investigation, Okta determined that five Verkada cameras had been compromised,” Life told CNN Business. “These cameras are isolated and separate from Octa’s production and operating networks. Octa does not use face recognition technology, and there is no evidence that live streams were seen during the limited access that took place.”
Verkada told CNN Business it had eliminated “all internal administrator accounts” to close the breach.
“Our internal security team and external security firm are investigating the scope and extent of this issue,” Verkada said, “and we have notified law enforcement.”
According to Bloomberg, an international group of hackers was able to gain access to Verkada using administrator credentials found on the public Internet.
Verkada told CNN Business it reached customers and provided them with a helpline.