Verkada Employees Had Direct Access To Thousands Of Private Camera Feeds And Here's Why

On Monday, hackers gained access to the “Super Admin” account, which allowed them to view and capture video from schools, hospitals along with companies such as Tesla, Cloudflare, and Verkada itself. Now, three former employees have come forward to explain this “Super Admin” account could have allowed more than 100 employees at the form to view any customer’s live feed.
Two of these ex-employees told Bloomberg that Super Admin account access was an incredibly widespread issue within Verkada. A former senior-level employee said that “[Verkada] literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally.” Another employee explained that there were logs and explanations for why a camera needed to be accessed; however, “Nobody cared about checking the logs,” and “You could put whatever you wanted in that note; you could even just enter a single space.”

While the company has since explained that access was limited to those who needed it and there were strict rules in place, it may not have mattered much. Evidently, the Super Admin issues had been brought up multiple times by employees, but they were clearly not fixed. Moreover, last year, the company had issues with sales managers taking photos of female employees and captioning them with sexually explicit comments as IPVM reports. Seemingly, Verkada has had a long run with camera access and security issues.

Overall, it is surprising that this security breach did not occur sooner than it did, given what we have heard from former Verkada employees. Furthermore, this information lends credence to what Tillie Kottman said about surveillance, specifically about “how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”