Hacktivists breach Verkada and view 150,000 CCTV cams in hospitals, prisons, a Tesla factory, even Cloudflare HQ

2021-03-10 19:01

A CCTV camera biz which left an admin account username and password exposed on the World Wide Web has, you guessed it, been targeted by hacktivists.

Those cameras belonged to a whole host of organisations, according to the Bloomberg financial newswire, including: Tesla; Cloudflare; hospitals; police stations; prisons and, allegedly, more.

The security breach has been reportedly shut off, with a Verkada spokesman quoted as saying: "Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement."

Cloudflare said in a statement the cameras in its premises that the hacktivists accessed "Were located in a handful of offices that have been officially closed for several months" and also added something incomprehensible about "Zero trust" being relevant to cameras deployed in its offices and aimed at its employees.

"While the true motivation of the group remains hidden, it looks like cyber activism - a breach aiming to expose the poor security of CCTV cameras. However, keep in mind that these compromised devices could also be used to install malware and start DDoS attacks, as well as infiltrate connected networks - with profit to be gained," opined Candid Wüest, Acronis' cybersecurity research veep.

Murray is right: CCTV cameras have long been a target for the digitally naughty.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/10/150k_cctv_cameras_verkada_breach/

#breach #cctv #cloudflare #hacktivist #hospital #prison #tesla

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cloudflare		18	1	20	19	3	43
Tesla		6	3	5	1	0	9