Ben Canner | Solutionsreview.com »
Verkada, a security start-up focused on cloud-based security cameras, disclosed suffering a major security breach; hackers gained access to over 150,000 security cameras. These cameras include those in Tesla factories, Cloudflare offices, Equinox gyms, hospitals, jails, schools, and police stations.
Surprisingly, the hackers behind the attack actually announced their culpability on Twitter: Tillie Kottmann of the APT 69420 Arson Cats (a hacker collective) stated the intention was to demonstrate the vulnerability of the cloud-based cameras. Additionally, the group claims to have gained access to Verkada’s full video archive for all of its customers.
According to reports, the hacker group gained this access via a privileged account, the username and password of which was available publicly on the Internet. This granted them the root access necessary to conduct the cyber-attack. At the time of writing, Verkada is attempting to regain control over their live feeds and archive.
For further perspective on this breach, which raises both identity management and physical security issues, we consulted some cybersecurity experts.
Expert Commentary on the Verkada Breach