Verkada, a Silicon Valley security company that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to more than 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, prisons, schools, police stations and Verkada’s own offices. Bloomberg reports.
According to Tillie Kottmann, one of the members of the international hacker collective that violates the system, the hack was intended to show how common the company’s security cameras are and how easily they can be hacked. In addition to the live feeds, the group also claimed to have had access to the full video archive of all of Verkada’s customers.
In a statement to Bloomberg, said a Verkada representative: ‘We have disabled all internal administrator accounts to prevent unauthorized access. Our internal security team and external security firm are investigating the extent and extent of this potential issue. Next Bloombergat the request of Verkada, the group lost access to the company’s live feeds and archives.
The hack was apparently relatively simple: the group managed to gain ‘Super Admin’ access to Verkada’s system using a username and password they found publicly on the internet. From there, they were able to gain access to the entire company’s network, including root access to the cameras themselves, which in turn gave the group access to the internal networks of some of Verkada’s customers.
Verkada is proud to present Internet-connected security cameras, and promises a ‘software-first approach’ from Silicon Valley to make security ‘as seamless and modern as the organizations we protect’. The cloud-connected cameras provide a smooth, web-based interface for businesses to monitor their feeds and also offer (optional) face recognition software.
The company has also come under fire in the past over allegations of sexism and discrimination following an incident in 2019, where a sales director used Verkada’s security cameras to harass female employees by secretly photographing photos of them and in a Slack channel to post. In response, Verkada’s CEO offered members of the Slack channel a choice to leave the company or have their shares cut.
The list of customers using Verkada is wide: in addition to companies like Tesla and Cloudflare, the group gained access to Verkada cameras at Halifax Health, a hospital in Florida; Sandy Hook Elementary School in Newtown, Connecticut; Madison County Jail in Huntsville, Alabama; and Wadley Regional Medical Center, a hospital in Texarkana, Texas. In addition to the camera footage, the group says it was able to access the full list of Verkada’s thousands of customers and its private financial information.