Verkada Inc., a Silicon Valley-funded security camera startup, has suffered a data breach with hackers reportedly able to gain access to 150,000 live camera feeds from companies, jails, police departments and schools.
The data breach was led by an “international hacker collective” and intended to show the ease with which systems could be broken into, a spokesperson for the collective Tillie Kottmann told Bloomberg today.
Kottmann has been linked to previous hacks in the past, including releasing data stolen from Intel Corp. in August. Kottmann said its reasons for hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”
The hack is claimed by Kottmann to be relatively simple. The hacking collective gained “Super Admin” level to Verkada’s system using a username and password found publicly on the internet. With access gained, they then accessed the entire company’s network, including root access to the cameras including those belonging to some customers.
Verkada, founded in 2016 and funded by venture capital firms including Sequoia Capital, counts among its customers Tesla Inc. and Cloudflare Inc., both of which had their security cameras compromised. Other security cameras compromised included those belonging to Equinox gyms, Halifax Health in Florida, a police station in Stoughton, Massachusetts, the Madison County Jail in Huntsville, Alabama, the Graham County detention center in Arizona and Sandy Hook Elementary School, the site of a mass shooting in 2012.
A representative for Verkada said in a statement that “we have disabled all internal administrator accounts to prevent any unauthorized access” and that “our internal security team and external security firm are investigating the scale and scope of this potential issue.”
“Verkada positions itself as a ‘more secure, scalable’ alternative to on-premises network video recorders,” Rick Holland, chief information security officer at digital risk protection software company Digital Shadows Ltd., told SiliconANGLE. “The Verkada intrusion…