Security Startup Experiences Data Breach
Verkada, a cloud-based camera surveillance company, fell victim to a data breach that compromised sensitive information belonging to its clients, a list that includes more than 24,000 organizations. Hackers gained control of live feeds from high-definition cameras at Tesla, Cloudflare, financial institutions, prisons, police departments, psychiatric care hospitals, churches, schools, banks, and Verkada offices. In addition to real-time high-definition footage, some of it from cameras equipped with facial recognition technology that enables users to track people’s movements, the global hacker group also accessed archived videos.
According to a Bloomberg article that first reported on the incident, the cameras were at main entry points and thoroughfares at a group of Cloudflare offices that have been closed for months. Cloudflare deactivated the cameras and disconnected them from their networks upon learning about the incident.
Tesla revealed that the Verkada cameras were installed at one of its suppliers and not in its Shanghai offices, factory, or any of its dealership or service locations.
Verkada offers a series of tools that include AI, bounding boxes, and heat maps. Its People Analytics feature enables users to filter and monitor individuals based on date and time, their gender traits, clothing color, and face. Once a high-resolution image is captured, it is relayed to a cloud-based “Command” center. Images are also stored on the People Analytics-enabled cameras, which use them to build up recognition of a profile.
Verkada notified law enforcement and is working with its internal security team and an external security company to investigate the incident. It also disabled all internal administrator accounts.
Hackers Leveraged Super Admin Identity to Gain Camera Access
To infiltrate customer cameras, hackers used credentials, found on the web, for a highly privileged Identity at Verkada. Hierarchically, Super Admins can access any resource or service and modify any content, including writing, moving, or deleting it.
Organizations should employ the principle of least privilege to reduce the risk of a data breach: only those who need access to complete their job function should be granted the privilege. To minimize access to data, organizations should leverage automated tools that uncover identity risk by showing what is being accessed, how, and where. Teams should continuously monitor the environment and look for change detection events, including anomalies such as unauthorized geographical access.
According to anonymous employees, more than 100 Verkada personnel had these highly privileged Identities. Organizations should also implement separation of duties, an increasingly important principle that severely limits the number of people who have Super Admin accounts and reduces the volume of security control failures.
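The checks recommended above (a ceiling on Super Admin accounts, access that is granted but never used, and access from unexpected geographies) can be run over an identity inventory and an access log. This is an added example, not code from the article or from Verkada; the record layout, the limit of 2, and every identity, resource and country code are constructed for illustration.

```python
from collections import defaultdict
SUPER_ADMIN_LIMIT = 2  # hypothetical policy ceiling, not a figure from the article

# Constructed inventory: role, granted resources, countries the identity works from.
IDENTITIES = {
    "alice": {"role": "super_admin", "granted": {"*"}, "countries": {"US"}},
    "bob":   {"role": "super_admin", "granted": {"*"}, "countries": {"US"}},
    "carol": {"role": "super_admin", "granted": {"*"}, "countries": {"US", "GB"}},
    "dave":  {"role": "support", "granted": {"cam-17", "cam-18"}, "countries": {"US"}},
}

# Constructed access log: (identity, resource, action, source country).
EVENTS = [
    ("alice", "cam-17", "read", "US"),
    ("bob", "billing", "write", "US"),
    ("carol", "cam-02", "read", "GB"),
    ("dave", "cam-17", "read", "US"),
    ("alice", "cam-archive", "read", "ZZ"),   # ZZ: placeholder country code
    ("mallory", "cam-17", "read", "US"),      # identity missing from the inventory
]

def excess_super_admins(identities, limit=SUPER_ADMIN_LIMIT):
    """Separation of duties: list Super Admins when there are more than allowed."""
    admins = sorted(i for i, rec in identities.items() if rec["role"] == "super_admin")
    return admins if len(admins) > limit else []

def unused_grants(identities, events):
    """Least privilege: granted resources never touched in the log."""
    used = defaultdict(set)
    for ident, resource, _action, _country in events:
        used[ident].add(resource)
    return {i: sorted(rec["granted"] - used[i]) for i, rec in identities.items()
            if "*" not in rec["granted"] and rec["granted"] - used[i]}

def access_anomalies(identities, events):
    """Monitoring: events from unknown identities or unexpected countries."""
    findings = []
    for ident, resource, _action, country in events:
        rec = identities.get(ident)
        if rec is None:
            findings.append((ident, resource, "unknown identity"))
        elif country not in rec["countries"]:
            findings.append((ident, resource, f"unexpected country {country}"))
    return findings

if __name__ == "__main__":
    print("Super Admins over limit:", excess_super_admins(IDENTITIES))
    print("Unused grants:", unused_grants(IDENTITIES, EVENTS))
    print("Access anomalies:", access_anomalies(IDENTITIES, EVENTS))
```

Wildcard grants are skipped by `unused_grants` because they cannot be right-sized from a log alone; `excess_super_admins` is the check that surfaces them.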
Read more about the camera feed cloud security data breach at Bloomberg.