Hackers say they broke into the network of Silicon Valley startup Verkada and accessed live video feeds from more than 150,000 surveillance cameras that the company manages for Cloudflare, Tesla, and many other organizations. I am.

The group released the videos and images they said as taken from their offices, warehouses, factories, and prison cells, psychiatric wards, banks, and schools. Bloomberg News, which first reported the breach, said the footage seen by the reporter showed that staff at the Florida hospital Halifax Health were working on a man and holding him in bed. Another video showed a man being handcuffed at a police station in Stoughton, Massachusetts, being cross-examined by police.

I don’t think the allegations that we hacked the Internet were as accurate as they are now, Tillie Kottmann, a member of a group of hackers calling themselves APT 69420 Arson Cats, wrote on Twitter.

Hard coded credentials

Cotman told Ars that hacking was possible after Verkada published an unprotected internal development system on the Internet. This included credentials for an account with super administrator privileges on the Verkada network. Upon entering the network, hackers said they could access feeds from 150,000 cameras, some of which provided high-definition video and used facial recognition.

A Verkada spokeswoman said in a statement: I have disabled all internal administrator accounts to prevent unauthorized access. An internal security team and an external security company are investigating the magnitude and scope of this issue and have notified law enforcement agencies.

Meanwhile, a Cloudflare representative wrote:

This afternoon, we were warned that the Verkada security camera system, which monitors the main entrances and main boulevards of some Cloudflare offices, could be at risk. The camera was installed in an officially closed office for nearly a year. As soon as I noticed the breach, I disabled the camera and disconnected from the office network. For clarity, no customer data or processes have been affected by this incident.

Tesla did not immediately respond to the request for comment.

Kottmann is a Swiss-based software engineer who leaked 20GB of Intel source code and proprietary data last year. Other companies reportedly compromised by Cotman include AMD, Microsoft, Adobe, Lenovo, Qualcomm and Motorola. These violations also relied on hard-coded credentials for repositories published on the Internet.

According to Cotman, the hacker collected about 5 GB of data from Verkada, but could have obtained more.

