Companies on alert after apparent hack of cloud-based security camera service
Cloud-based security camera company Verkada confirmed on Wednesday that it is grappling with a cybersecurity incident after multiple reports said hackers had breached customer video feeds at a wide range of businesses.
The incident, which was first reported by Bloomberg, is said to have allowed the intruders to access feeds from as many as 150,000 security cameras of Verkada’s customers, such as car maker Tesla, fitness company Equinox and internet security company Cloudflare.
Cloudflare told CNN Business on Wednesday it uses Verkada systems to monitor office entry points and thoroughfares, and that Verkada had reached out to notify the company its cameras may have been compromised. Cloudflare said none of its own customers’ data had been affected by the Verkada breach.
“The cameras were located in offices that have been officially closed for nearly a year,” the company said.
Equinox and Tesla didn’t immediately respond to requests for comment, but Tesla told Reuters the incident was limited to a Chinese production facility.
Okta, the identity management company and also a Verkada customer, told CNN Business that 5 Verkada cameras monitoring Okta’s office entrances were compromised. The incident has not disrupted Okta’s own customer-facing services, said communications director Lindsay Life.
“After conducting further investigation, Okta determined that five Verkada cameras were compromised,” Life told CNN Business. “These cameras were isolated and separate from Okta’s production and company networks. Okta does not employ facial recognition technology, and there is no evidence that any live streams were viewed during the limited access that occurred.”
Verkada told CNN Business it has disabled “all internal administrator accounts” to lock down the breach.
“Our internal security team and external security firm are investigating the scale and scope of this issue,” Verkada said, “and we have notified law enforcement.”
According to Bloomberg, an international group of hackers was able to gain access to Verkada using administrator credentials that were found on the public internet.
Verkada told CNN Business it has reached out to customers and provided them with a help hotline.