Widespread hacking continued to be on everyone's minds this week, as countless companies and organizations continued to struggle with a slew of major hacks. Now that Microsoft's patches have been out for awhile, an array of nation state and criminal actors are getting more aggressive about exploiting a set of Microsoft Exchange Server bugs that were already under active attack by the Chinese group Hafnium. Meanwhile, the White House is mulling a response to Russia's recent, high-profile SolarWinds espionage campaign that compromised data at numerous United States government agencies and private companies around the world. For the Biden administration, the risk is that too strong a retaliation could erode norms and be seen as hypocritical given that the US and virtually every government engages in digital espionage. Criminal hackers have also continued their extortion rampage related to a breach of the network equipment and firewall maker Accellion.
More than 100 employees at security camera startup Verkada Inc. could peer through the cameras of its thousands of customers, including global corporations, schools and police departments, according to three former employees aware of the company's security protocols. Verkada was breached on Monday, when hackers gained access to what's known as a "Super Admin" account that allowed them to see all of the live feeds and archived videos of Verkada's customers, Bloomberg reported. With access to 150,000 cameras, the hackers were able to see inside Tesla Inc., as well as watch police interviews and witness hospital employees tackling a patient. The use of Super Admin accounts within Verkada was so widespread that it extended even to sales staff and interns, two of the employees said. "We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally," said one former senior-level employee, who asked not to be identified discussing private information.
Following reports that live feeds from over 150,000 of its security cameras were exposed, including those situated in prisons, hospitals, schools, police stations, and Tesla factories, Verkada has disabled accounts to prevent further access. According to Bloomberg, a group of hackers accessed the data collected by the Silicon Valley startup. The hackers are reported as saying they also have access to the full video archive of all Verkada customers. Bloomberg claims to have sighted footage validating the details of the breach. Verkada has described itself as bringing "the ease of use that consumer security solutions provide, to the levels of scale and protection that businesses and organisations require".
Verkada, a security start-up focused on cloud-based security cameras, disclosed suffering a major security breach; hackers gained access to over 150,000 security cameras. These cameras include those in Tesla factories, Cloudflare offices, Equinox gyms, hospitals, jails, schools, and police stations. Read what Bryson Bort, CEO of SCYTHE has to say about the data breach at Verdaka on Solutions Review.
A report from Bloomberg says that hackers breached the security of Verkada, an enterprise surveillance video company, and were able to access live feeds from over 150,000 cameras. The reporter were in contact with the hackers, who said they had access to hundreds of cameras in Tesla facilities, as well as other companies like Cloudflare. In a statement, a spokesperson for Verkada said "We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement." The hackers said they lost access after Bloomberg contacted the company, but that they initially got in via a "Super Admin" login that was exposed on the internet, then used built-in camera features to obtain root access and remote control.