- A group of hackers have breached a database containing security camera feeds collected by Verkada Inc., a Silicon Valley startup. The database includes live feeds of 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools.
- Tesla Inc. and software provider Cloudflare Inc. were exposed in the breach.
- The breach was carried out by a hacker with the goal of demonstrating the “pervasiveness of video surveillance and the ease with which systems could be broken into.” One of the hackers claiming credit for this breach include Tillie Kottmann, who has reportedly hacked Intel Corp. and Nissan Motor Co.
- A Verkada spokesperson said they had disabled all internal administrator accounts to prevent any further unauthorized access.
- This latest breach should be a reminder that a compromised privileged account can lead to access to extremely sensitive devices when it is not protected with privileged access best practices, notes Joseph Carson, Chief Security Scientist at Thycotic. “Questions should be raised on whether a single user account should have that much privileged access to so many security cameras. When I was a System Administrator, we practiced separation of duties meaning that my accounts had limited access and for me to gain access to other systems I had to go through a security control before that would be permitted. This latest security breach is a stark reminder on the importance of the Principle of Least Privilege and why a single privileged account should be controlled with more verifications and requirements.”
– Maria Enriquez | March 11, 2021