Approximately 150,000 security cameras and live feeds in varying institutions such as schools, jails, hospitals, and other businesses have been exposed in a data breach. This comes after a hacker group claimed that it had gained access to the network of security camera vendor Verkada Inc.
Verkada Inc. is a security camera vendor startup company located and operating in Silicon Valley. It is backed by Sequoia.
Among the companies and institutions that the hackers have gained unauthorized access to include the likes of Cloudflare, Equinox, and Tesla, reports Bloomberg. The data security incident also affected Virgin Hyperloop, Sandy Hook Elementary School in Newton, Connecticut, and many others.
The hacking group, APT-69420 Arson Cats, of which Swiss hacker Tillie Kottmann is a part of, said that the group was able to exploit the system of the startup Verkada after finding a username and password for an administrative account on the Internet, notes the Wall Street Journal.
According to ABC News, the APT-69420 dubs itself as a group of “primarily queer hackers, not backed by any nations or capital but instead backed by the desire for fun, being gay and a better world.”
After gaining access to the credentials, the hacking group was reportedly able to peer into thousands of live feeds and cameras, such as those from schools and hospitals. Bloomberg states that some of the cameras leveraged facial recognition technology in order to identify the people in the video.
Those who used such video types include hospitals. Based on the research of Bloomberg, they were able to view a camera feed inside Florida-based hospital Halifax Health. The feed showed eight employees tackling and pinning a man or a patient to a bed.
Apart from this, the hacking group also gained access to a Shanghai-based Tesla warehouse. The footage showed workers in an assembly line, reports Bloomberg. In total, APT-69420 has access to Tesla 222 cameras across its different manufacturing plants.
Following the data breach, Verkada announced in a statement that it immediately moved to disable internal administrator accounts to prevent similar intrusions from happening in the future, reports ABC News.
The camera vendor is also currently investigating the issue, saying “Our internal security team and external security firm are investigating the scale and the scope of this issue, and we have notified law enforcement.”
Besides this, the company is looking to notify affected companies and customers about the data breach. In addition, Verkada will also be establishing a support line for those who are hit with the hack.
