A small group of hackers claim they breached a massive collection of security-camera data in the possession of Silicon Valley startup Verkada Inc., to gain access to live feeds of 150,000 surveillance cameras inside companies such as Tesla and Cloudflare, several hospitals, police departments, prisons and schools.
The data breach was carried out by an international hacker collective and intended to expose the pervasiveness of video surveillance and the ease with which systems could be broken into, said Swiss software developer Tillie Kottmann who is one of the hackers.
Kottmann, who is known for finding security flaws in mobile apps and other systems, shared with media outlets such as Reuters and Bloomberg recordings from inside a Tesla factory in China and showroom in California. Additional footage came from an Alabama jail, hospital rooms, a police interview area and a community gym.
The hackers were also able to view video from inside women's health clinics, psychiatric hospitals and the offices of Verkada itself. Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage.
The hackers say they also have access to the full video archive of all Verkada customers.
In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed.
Another video, shot inside a Tesla warehouse in Shanghai, shows workers on an assembly line. The hackers said they obtained access to 222 cameras in Tesla factories and warehouses.
The hackers found login information for Verkada’s administrative tools publicly online this week, Kottmann said. However, he declined to identify other members of the group.
Kottmann had earlier claimed credit for hacking leading chipmaker Intel Corp. and carmaker Nissan Motor Co..
A Verkada spokesperson admitted that the hacking had taken place. "We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement," the spokesperson said in a statement.
San Francisco-based Cloudflare said in a statement : "This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised," "The cameras were located in a handful of offices that have been officially closed for several months." The company said it disabled the cameras and disconnected them from office networks.