Hackers say they were able to access live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools, after breaking into a collection of security-camera data gathered by the Silicon Valley startup Verkada Inc. this week.
Bloomberg first reported Tuesday that the companies impacted included Elon Musk’s Tesla Inc. and the software provider Cloudflare Inc. The hackers also gained access to video inside women’s health clinics, psychiatric hospitals, and Verkada’s offices.
Facial-recognition is used on some of the security cameras to identify and catalog individuals captured in the footage, and the hackers say they have breached the entire video archive of Verkada customers.
One of the videos, viewed by Bloomberg, showed footage of what was apparently eight Halifax Health hospital employees in Florida tackling a man onto a bed. Verkada features Halifax Health on its website with a study called: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.”
In another video, a Tesla warehouse in Shanghai shows employees working on an assembly line. The group of hackers claim they accessed 222 cameras in Tesla factories and warehouses.
The hackers are part of an international group whose intention was to demonstrate how easy it is to breach video surveillance systems, according to Tillie Kottmann, a hacker who took credit for breaking into Verkada in San Mateo, Calif.
Kottmann told Bloomberg the reasons the group engages in hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”
“We have disabled all internal administrator accounts to prevent any unauthorized access,” a Verkada spokesperson said in a statement. “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
According to someone familiar with the matter, the incident is being investigated by Verkada’s chief information security officer, an internal team and an external security firm. The Silicon Valley company is also notifying customers and establishing a support line to answer customers’ questions.
“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised,” Cloudflare said in a statement. “The cameras were located in a handful of offices that have been officially closed for several months.” The company said it disabled the cameras and disconnected them from office networks.
Tesla said, “…based on our current understanding, the cameras being hacked are only installed in one of our suppliers, and the product is not being used by our Shanghai factory, or any of our Tesla stores or services centers. Our data collected from Shanghai factories and other places mentioned are stored on local servers.”