Hackers Gain Access to Surveillance Camera Live Feeds at Hospitals, Prisons, Schools

You wouldn’t think it possible that a single hack could unlock access to live feeds from surveillance cameras installed in hospitals, prisons, schools, and police departments. That is, until you realize they all rely on the same cloud-connected system offered by one company.

As Bloomberg reports, an international hacker collective targeted and successfully breached Verkada, a Silicon Valley startup focused on enterprise security camera systems. The company markets itself as offering a new approach and standard for enterprise security that’s software-first and cloud-focused. It seems this approach has been its undoing, though.

The hackers claim to have accessed Verkada’s full video archive including footage from all their customers. They also tapped into over 150,000 live surveillance feeds installed in hospitals, prisons, police departments, and schools, but also high-profile companies including Tesla and Cloudflare. Footage from a camera installed inside Florida hospital Halifax Health, another at a Tesla warehouse in Shanghai, and a third at a police station in Stoughton, Massachusetts were shown to Bloomberg. Images from the Madison County Jail in Huntsville, Alabama were also shared.

The breach appears to have been easily achieved. One of the hackers forming the collective, Tillie Kottmann, explained how they discovered a user name and password for an administrator account on Verkada’s network that was “publicly exposed on the internet.” Using that, the network was compromised and root access gained. However, access has now been lost after Verkada realized what had happened.

“We have disabled all internal administrator accounts to prevent any unauthorized access,” a Verkada spokesperson said in a statement. “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

Many of Verkada’s customers will be no doubt be reassessing their relationship with the company today, as well as demanding to know exactly what footage was accessed and which details were stolen. Verkada is thought to be setting up a support line for concerned customers and will be notifying them all of the breach.