Thousands of Security Cameras Compromised by Verkada Breach

Hackers responsible for Verkada Breach accessed security cameras in Tesla factories, Cloudflare corporate, Equinox gyms, hospitals, & more.

CI Staff Leave a Comment

The group of hackers responsible for the Verkada Breach gained access to 150,000 security camera feeds, a Bloomberg report says.

They accessed video from Tesla, Cloudflare, schools, hospitals, prisons and thousands of other organizations, according to the report.

Hackers managed to gain “Super Admin”-level access to Verkada’s system using a username and password it found publicly on the internet. From there, the members were able to access the entire company’s network, including root access to the cameras themselves, which, in turn, allowed the group to access the internal networks of some of Verkada’s customers.

In addition, hackers were able to view video from inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself.

Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage. The hackers say they also have access to the full video archive of all Verkada customers, according to Bloomberg.

In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed. Halifax Health is featured on Verkada’s public-facing website in a case study entitled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.”

Another video, shot inside a Tesla warehouse in Shanghai, shows workers on an assembly line. The hackers said they obtained access to 222 cameras in Tesla factories and warehouses, according to Bloomberg.

The report cites a statement from Tillie Kottmann, said to be one of the hackers who claimed credit for breaching Verkada’s networks. Kottmann said the collective’s actions were intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into.

Kottmann previously claimed credit for hacking chipmaker Intel Corp. and carmaker Nissan Motor Co. Kottmann said the group’s reasons for hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”

In statement to Bloomberg, a Verkada representative said: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this potential issue.”

Related: Corporate Clients Say Physical Security Solutions are More Important Because of COVID 

Founded in 2016, Verkada, based here, sells security cameras that end users can access and manage through the web. In January 2020, it raised $80 million in venture capital funding, valuing the company at $1.6 billion.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!