Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers had access to more than 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox academies, hospitals, prisons, schools, police stations and Verkada’s own offices, Bloomberg reports.
According to Tillie Kottmann, one of the members of the international hacking collective that breached the system, the hack was designed to show how the company’s security cameras are common and how they can be easily hacked. In addition to the live feeds, the group also claimed to have access to the full video archive of all Verkada customers.
In a statement to Bloomberg, a Verkada representative commented: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security company are investigating the scale and scope of this potential problem. ” Following Bloombergat Verkada’s request, the group lost access to the company’s active files and feeds.
The hack was apparently relatively simple: the group was able to obtain “Super Admin” level access to the Verkada system using a username and password that they found publicly on the Internet. From there, they were able to access the entire company network, including root access to the cameras themselves, which, in turn, allowed the group to access the internal networks of some Verkada customers.
Verkada is proud to offer security cameras connected to the Internet, promising a “software approach first” from Silicon Valley to make security “as integrated and modern as the organizations we protect”. Cloud-connected cameras include a smart web-based interface for companies to monitor their feeds and also offer facial recognition software (optional).
The company has also been criticized in the past for accusations of sexism and discrimination after an incident in 2019, where a sales director used security cameras from Verkada’s office to harass coworkers, secretly photographing and posting photos of them on the company’s Slack channel. In response, the CEO of Verkada offered members of the Slack channel the choice between leaving the company or having their stock options cut.
The list of customers who use Verkada is extensive: in addition to companies like Tesla and Cloudflare, the group gained access to Verkada cameras within Halifax Health, a Florida hospital; Sandy Hook Elementary School in Newtown, Connecticut; Madison County Jail in Huntsville, Alabama; and Wadley Regional Medical Center, a hospital in Texarkana, Texas. In addition to the camera images, the group also says it was able to access the full list of Verkada’s thousands of customers and their private financial information.