A group of hackers are reported to have gained access to thousands of Verkada surveillance cameras across the globe, allowing them to monitor live feeds from within hospitals, prisons, and even a Tesla warehouse.
As reported by Bloomberg this week, 150,000 surveillance cameras operated by the Silicon Valley startup company Verkada were exposed by an international hacking collective.
The hackers said they were able to access not only 222 surveillance cameras used by Tesla, but cameras inside of schools, police departments, psychiatric hospitals, women’s health clinics, and even Verkada’s own offices.
Some of the surveillance cameras were also found to be utilizing facial recognition technology.
The goal of the breach, according to Tillie Kottmann, a hacker involved in the targeting of Verkada, was to reveal how pervasive and vulnerable such surveillance systems can be.
Kottman further explained that the hack was also spurred by “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism—and it’s also just too much fun not to do it.”
The breach was made possible after the hackers located a Verkada employee’s login credentials that were left publicly exposed online. The administrative account was designed to allow Verkada employees to gain remote access to any of its customers’ camera feeds.
Kottmann added that the hack “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”
After learning of the exposure, Verkada said in a statement that it alerted law enforcement and “disabled all internal administrator accounts to prevent any unauthorized access” while its security team investigates the scale of the hack.
Although they have lost access to live feeds as a result, Kottmann said they were able to download Verkada’s customer list as well as a balance sheet.
Other cameras that the hackers accessed belonged to Verkada customers such as software provider Cloudflare, luxury gym chain Equinox, and Sandy Hook Elementary School in Newtown, Connecticut. One camera was even found inside the home of a Verkada employee.