
Security Startup Leaks 150k Camera Feeds

Author: Kelly Speiser | Date: March 12, 2021
Read Time: 2 minutes
Skill Level: Technical
Enterprise Video Security Startup Leaks Feeds of 150k Cameras

Verkada, a cloud-based camera surveillance company, fell victim to a data breach that compromised sensitive information belonging to its clients, a list that includes more than 24,000 organizations. Hackers gained control of live feeds from high definition cameras at Tesla, Cloudflare, financial institutions, prisons, police departments, psychiatric care hospitals, churches, schools, banks, and Verkada offices. In addition to real-time high definition footage, some from cameras equipped with facial recognition technology that enables users to track people’s movements, the global hacker group also has access to archived videos.

According to a Bloomberg article that first reported on the incident, the cameras were at main entry points and thoroughfares at a group of Cloudflare offices that have been closed for months. Cloudflare deactivated the cameras and disconnected them from their networks upon learning about the incident.

Tesla revealed that the Verkada cameras were installed at one of its suppliers and not in its Shanghai offices factory nor any of its dealership or service locations.

Verkada offers a series of tools that include AI, bounding boxes, and heat maps. Its People Analytics feature enables users to filter and monitor individuals based on date and time, their gender traits, clothing color, and face. Once a high-resolution image is captured, it is relayed to a Cloud-based “Command” center. Images are stored on the People Analytics-enabled cameras, building upon its recognition of a profile.

Verkada notified law enforcement and is working with their internal security team and an external security company to investigate the incident. They also disabled all internal administrator accounts. 

Hackers Leveraged Super Admin Identity to Gain Camera Access

To infiltrate customer cameras, hackers used the credentials of a highly privileged Identity at Verkada that they found on the web. Hierarchically, Super Admins can access any resource or service and modify any content, including writing, moving, or deleting it.

Organizations should employ the principle of least access to reduce the risk of a data breach. Whoever has access to data should absolutely need that access to get their work done. Minimize access to data. Organizations should leverage automated tools to uncover identity risk by understanding what is being accessed, how, and where. Teams should continuously monitor the environment and look for change detection events, including anomalies such as unauthorized geographical access.

According to anonymous employees, more than 100 Verkada personnel had these highly privileged Identities. Organizations should also implement separation of duties, an increasingly important principle that severely limits the number of people who have Super Admin accounts and reduces the volume of security control failures.
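The checks recommended above (a small number of Super Admins, and monitoring privileged access for unexpected geography) can be sketched as a simple audit. This is an added example, not Verkada's or Sonrai's code; the role names, tenants, countries, thresholds and log layout are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the incident): role assignments and access events.
ROLE_ASSIGNMENTS = {
    "alice": {"super_admin"},
    "bob": {"support"},
    "carol": {"super_admin"},
    "dave": {"super_admin"},
    "erin": {"viewer"},
}
# Countries each privileged identity is expected to work from (assumed baseline).
EXPECTED_COUNTRIES = {"alice": {"US"}, "carol": {"US", "GB"}, "dave": {"US"}}
ACCESS_EVENTS = [  # (identity, source country, customer tenant, action)
    ("alice", "US", "tenant-a", "view_live_feed"),
    ("carol", "GB", "tenant-b", "view_archive"),
    ("dave", "US", "tenant-a", "view_live_feed"),
    ("dave", "BR", "tenant-c", "view_live_feed"),
    ("dave", "BR", "tenant-d", "view_archive"),
    ("bob", "US", "tenant-a", "open_ticket"),
]

def audit(assignments, baseline, events, max_super_admins=2, max_tenants=2):
    """Return findings for super-admin sprawl, odd geography and broad tenant reach."""
    findings = []
    admins = sorted(i for i, roles in assignments.items() if "super_admin" in roles)
    # Separation of duties: the number of Super Admins should stay small.
    if len(admins) > max_super_admins:
        findings.append(("too_many_super_admins", tuple(admins)))
    tenants = defaultdict(set)
    for identity, country, tenant, action in events:
        if identity not in admins:
            continue
        tenants[identity].add(tenant)
        # Anomaly: privileged access from a country outside the baseline.
        # An identity with no baseline has no approved location at all.
        if country not in baseline.get(identity, set()):
            findings.append(("unexpected_geo", identity, country, tenant, action))
    # Least access: one identity reaching many customer tenants is a wide blast radius.
    for identity in sorted(tenants):
        if len(tenants[identity]) > max_tenants:
            findings.append(("broad_tenant_access", identity, len(tenants[identity])))
    return findings

if __name__ == "__main__":
    for finding in audit(ROLE_ASSIGNMENTS, EXPECTED_COUNTRIES, ACCESS_EVENTS):
        print(finding)
```

In practice the role assignments would come from the identity provider and the events from the platform's audit log, with thresholds set per organization.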

Read more about the camera feed cloud security data breach at Bloomberg.
