A group of cyber threat actors have gained access to more than 150,000 surveillance cameras from hundreds of businesses including Tesla Inc and watched them live, as well as archived recordings. As reported, the hackers managed to gain administrative access to the camera maker Verkada over the past two days.
Tillie Kottmann, a Swiss software developer, shared recordings from inside the Tesla factory in China and California showroom, while other footages came from Alabama prison, police interview area, hospital room and a community gym, reported Reuters.
The Hacking Group
Kottmann, who is also known for finding security flaws in mobile apps and other systems, refused to identify other members of the small hacking group. But he explained that the group of cybercriminals sought to draw attention to the extensive monitoring of individuals after having found login details for Verkada's administrative tools publicly online this week.
However, the California based software company said that it had disabled all internal administrator accounts to prevent unauthorized access. "Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement [and its customers]," added Verkada.
The report was first reported by Bloomberg on Tuesday, March 9. According to Kottmann, the affected company disconnected hackers' access, several hours before the report was published.
He also claimed that if the cybercriminal wanted, they could have used the control of camera gear to access other parts of the company networks at internet company Cloudflare Inc and tubing service company Okta Inc, as well as Elon Musk's Tesla.
Affected Customers
According to Cloudflare, the company's security measures designed to block such data breach incidents and no customer data were affected by this hacking campaign. Octa also confirmed that its service was not affected and the company is now investigating the issue. But Tesla has not said anything regarding the cybersecurity incident.
But as per Reuters, a list of Verkada user accounts were shared by a group of hackers. The list includes thousands of names of the organizations such as gym chain Bay Club and transportation technology firm Virgin Hyperloop.
However, the authentication of the list and the screenshots shared by the Swiss expert is yet to be established. But the list also included detailed data and matched other materials from Verkada, which has more than 5,200 customers, such as collages, hotels and cities.
Verkada's camera became popular as it includes software that can help to search for specific people or items. Chief Executive Filip Kaliszan said in 2018 that the company had made it easy for the users at an organization to watch live video feeds and share them securely—for example, with emergency responders. But according to a report by Vice, some employees had used these cameras and their facial recognition technology to take and share images of female colleagues.