A group of activist hackers highlighted a key vulnerability of today’s Internet, as they broke into a security-camera startup and peered into hospitals, schools, jails, and other locations.
Hackers gained access to 150,000 cameras by breaching a Verkada “Super Admin” account, Bloomberg News first reported.
With camera access, the hackers saw inside Tesla factories, watched police interviews, and witnessed hospital employees tackling a patient. The Silicon Valley startup has since notified its customers and law enforcement of the hack.
According to Bloomberg, two sources told them that Super Admin accounts within the company extended to sales staff and interns.
“We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally,” said one former senior-level Verdaka employee, told Bloomberg.
Super Admin accounts have legitimate purposes. Software engineers use admin accounts to debug products, while support staff use them to assist with ongoing issues.
The ease with which the hacktivist group, called APT-69420, gained access to so many live cameras suggests there were limited measures in place at Verkada that would prevent its employees from doing the same thing, Bloomberg said.
As more companies accumulate and store sensitive data, including video feeds, they become rewarding targets for hackers.
“This breach should be a wake-up call to the dangers of self-surveillance,” Andrew G. Ferguson, a law professor at American University Washington College of Law, told the Washington Post. “We are building networks of surveillance we cannot escape from without really thinking about the consequences. Our desire for some fake sense of security is its own security threat.”
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.