A Silicon Valley startup offering cloud-based security camera services has had its systems breached in an attack that gave hackers access to numerous live feeds, some of them coming from Tesla factories.
Verkada, which launched in 2016, had around 150,000 of its cameras hacked, with many of the devices installed in hospitals, schools, police departments, prisons, and companies that besides Tesla also included software provider Cloudflare, according to a Bloomberg report on Tuesday, March 9.
Cameras inside Verkada’s own offices were also accessed.
Those responsible for the hack shared some of the captured footage with the news outlet. It included a video from inside a Florida hospital that appeared to show eight hospital workers wrestling a man before pinning him to a bed.
Some of the content also appears to show workers on an assembly line inside Tesla’s factory in Shanghai, China. The hackers claim to have gained access to as many as 222 cameras in multiple factories and warehouses owned by Tesla, Bloomberg reported.
More than 300 security cameras inside the Madison County Jail in Huntsville, Alabama, were also targeted in the hack. Some of the devices are concealed inside vents, thermostats, and defibrillators, according to the news outlet, and include Verkada technology capable of tracking inmates and staff using facial-recognition software.
Those behind the breach even claim it was even possible to listen in on interviews between police officers and suspects, along with high-definition footage of the interrogations.
The breach was reportedly carried out by a hacker, or group of hackers, going by the name “Tillie Kottmann,” and began on the morning of March 8.
Kottmann told Bloomberg that the breach “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” adding, “It’s just wild how I can just see the things we always knew are happening, but we never got to see.”
In an emailed statement, Verkada told Digital Trends: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
The company added that it has notified affected customers about the breach and set up a dedicated support line to address their questions and issues.
