An international hacker group has breached a massive trove of security-camera data collected by Silicon Valley’s Verkada Inc. The hackers gained access to live feeds of 150,000 cameras inside hospitals, companies, police departments, prisons, schools and even homes.
This Breach Was Way Too Easy
Verkada sells security cameras that customers can access and manage through the cloud using a web browser. The hackers’ stated purpose was to show the pervasiveness of video surveillance and the ease with which such systems could be broken into. To prove their point, the hackers found a user name and password for a Verkada “Super Admin” that was publicly exposed online. The credentials granted them “root” access, enabling them to load and execute their own code and hijack the customers’ Verkada cameras.
Lack of Internal Controls
Verkada’s own employees – about 100 of them – were able to peer into videos from client cameras. Several Verkada employees have been fired for using their access to spy on female colleagues. Verkada’s internal and external security teams and law enforcement are investigating the scale and scope of the breach, and customers were provided a support line to answer questions. Since Verkada intervened, the hackers have lost access to the video feeds and archives.
Due Diligence is Essential
This breach underscores the need to exercise due diligence when choosing your video surveillance system. Ensure you ask providers about what controls, restrictions and audit capabilities are in place to discourage and prevent abuse. Just because a provider has remote management capabilities to implement software updates doesn’t necessarily mean they also need access to your live video feeds and archives.
Our video surveillance and security system experts design and deploy proven solutions backed with outstanding training, support, tools and best practices to help safeguard your organization.
Contact DataLink today.
(410) 729-0440 | Email