Security News > 2021 > March > 150,000 security cameras allegedly breached in “too much fun” hack
According to Bloomberg, one of the hacking crew, Tillie Kottmann, claimed to have accessed cloud-based camera surveillance company Verkada and found themselves face-to-face with a huge swathe of internal data.
This data apparently included real-time feeds from up to 150,000 surveillance cameras at Verkada customer sites, as well as other real-time information such as access control data from Verkada customers.
The hackers' methods were unsophisticated: they gained access to Verkada through a "Super Admin" account, allowing them to peer into the cameras of all of its customers.
Make sure you not only have limits on just how much harm any individual user might do on their own, but also that you pay attention to any alerts warning you of users trying to get access to controlled resources.
If you are collecting surveillance data from customer sites but will never need to examine it yourself, encrypt it with your customers' keys right at source and only ever transmit or store it in encrypted form.
Encrypting data at source from a camera so that it can't be decrypted until it reaches your image processing servers helps to limit the number of people and devices on your network where sensitive data could be intercepted and stolen.