A report of Bloomberg says the hackers breached the security of Verkada, a corporate video surveillance company, and were able to access live feeds from more than 150,000 cameras. The reporter was in contact with the hackers, who said they had access to hundreds of cameras at Tesla’s facilities, as well as other companies like Cloudflare.
In a statement, a spokesperson for Verkada said: “We have disabled all internal administrator accounts to prevent unauthorized access. Our internal security team and our external security firm are investigating the scale and scope of this problem, and we informed the police. “
Hackers said they lost access after Bloomberg contacted the company, but they initially entered through a “Super Admin” connection that was exposed on the internet, and then used the built-in camera features to gain root access and remote control. Motherboard previously reported Verkada employees using surveillance cameras in their own offices to harass others and take pictures of the women they worked with, and now has obtained a hackers’ spreadsheet identifying 24,000 organizations that could use his cameras.
On its website, Verkada touts its ability to provide secure remote access to camera feeds “providing real-time visibility of events at sites.” He also advertises “video analysis“who can rely on facial recognition, identification and vehicle tracking. One of the people in the group behind the violation said Bloomberg that this incident “shows how much we are generally watched and how little care is taken at least to secure the platforms used to do so, without seeking profit.”