A report from Bloomberg says that hackers breached the security of Verkada, an enterprise surveillance video company, and were able to access live feeds from over 150,000 cameras. The reporter were in contact with the hackers, who said they had access to hundreds of cameras in Tesla facilities, as well as other companies like Cloudflare.
In a statement, a spokesperson for Verkada said “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
The hackers said they lost access after Bloomberg contacted the company, but that they initially got in via a “Super Admin” login that was exposed on the internet, then used built-in camera features to obtain root access and remote control. Motherboard had previously reported on Verkada employees who used surveillance cameras in their own office to harass others and take pictures of women they worked with, and now obtained a spreadsheet from the hackers identifying 24,000 organizations that may be using its cameras.
On its website, Verkada touts its ability to provide secure remote access to camera feeds “providing real-time visibility into events across sites.” It also advertises “video analytics” which can rely on facial recognition, identification and vehicle tracking using technology built directly into the cameras. One of the people in the group behind the breach told Bloomberg that this incident “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”