Verkada Employees Had Direct Access To Thousands Of Private Camera Feeds And Here's Why
Earlier in the week, hackers gained access to over 150,000 Verkada customer camera feeds, which allowed them to grab screenshots and video clips. This breach happened because of a “Super Admin” account that was able to view any camera feed. Now, former Verkada employees are coming forward to explain that any employee could view the camera feeds, and security was lackadaisical at best.
On Monday, hackers gained access to the “Super Admin” account, which allowed them to view and capture video from schools and hospitals, along with companies such as Tesla, Cloudflare, and Verkada itself. Now, three former employees have come forward to explain that this “Super Admin” account could have allowed more than 100 employees at the firm to view any customer’s live feed.
Hacked Cloudflare Camera Image Courtesy Of Tillie Kottman
Two of these ex-employees told Bloomberg that Super Admin account access was an incredibly widespread issue within Verkada. A former senior-level employee said that “[Verkada] literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally.” Another employee explained that there were logs and explanations for why a camera needed to be accessed; however, “Nobody cared about checking the logs,” and “You could put whatever you wanted in that note; you could even just enter a single space.”
While the company has since explained that access was limited to those who needed it and there were strict rules in place, it may not have mattered much. Evidently, the Super Admin issues had been brought up multiple times by employees, but they were clearly not fixed. Moreover, last year, the company had issues with sales managers taking photos of female employees and captioning them with sexually explicit comments, as IPVM reports. Seemingly, Verkada has had a long run with camera access and security issues.
Overall, it is surprising that this security breach did not occur sooner than it did, given what we have heard from former Verkada employees. Furthermore, this information lends credence to what Tillie Kottman said about surveillance, specifically about “how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”