A Massive Security Breach for the Silicon Valley Start-Up

 

Verkada, a Silicon Valley security start-up that gives cloud-based security camera services, has witnessed a massive security breach. Hackers accessed more than 150,000 of the organization's cameras, including cameras in Tesla processing plants and warehouses, Cloudflare offices, Equinox gyms, medical clinics, prisons, schools, police stations, and Verkada's own offices, Bloomberg reports. 

As indicated by Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was intended to demonstrate how effectively the organization's surveillance cameras can be hacked. In addition to the live feeds, the group likewise professed to have had access to the full video archive of all of Verkada’s customers. In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what had all the earmarks of being eight hospital staff members tackling a man and pinning him to a bed. Halifax Health is highlighted on Verkada's public-facing site in a case study entitled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.” 

In a statement to Bloomberg, a Verkada representative told: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this potential issue.” Following Bloomberg's request to Verkada, the group lost access to both the organization's live feeds and archives. 

The hack was relatively simple: the group figured out how to acquire "Super Admin"- level access to Verkada's system employing a username and password they found publicly on the internet. From that point onwards, they were able to access the entire company’s network, including root access to the cameras which, thus, permitted the group to access the internal networks of some of Verkada’s customers. 

The organization has likewise experienced harsh criticism in the past for allegations of sexism and discrimination after an incident in 2019, wherein a sales director utilized Verkada's office surveillance cameras to harass female associates by secretly photographing and posting pictures of them in a company Slack channel. Accordingly, Verkada's CEO offered individuals from the Slack channel a decision between leaving the organization or having their stock options cut.