According to one of the hackers who was involved in the breach, a small group of hackers were able to view live and archived surveillance footage from hundreds of businesses including that of Tesla Inc over the past two days. Hackers gained access to live footage after gaining administrative access to camera maker Verkada.
Tillie Kottmann, a Swiss software developer who shot to fame after finding security flaws in mobile apps and in other systems, shared screenshots of a Tesla warehouse in California on Twitter. He also shared screenshot of an Alabama jail on Twitter.
While Kottmann declined to name other members of the hacking group, he said, the purpose of the sharing the screenshots was to draw attention to the pervasive monitoring of citizens. The hackers found login information for Verkada’s administrative tools online.
Verkada acknowledged an intrusion, saying it had disabled all internal administrator accounts to prevent unauthorized access.
“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement” and customers, said the company.
Kottmann went on to add, if the intent of the group was malicious, it could have used the access to see parts of the Tesla’s facilties along with those of Cloudflare Inc and Okta Inc.
Neither Tesla, Cloudflare or Okta immediately responded to requests for comments.
A list of Verkada user accounts provided by the hacking group includes thousands of organizations, including gym chain Bay Club and transportation technology startup Virgin Hyperloop.
Neither Madison County Jail in Alabama, Bay Club or Virgin Hyperloop immediately responded to requests for comments.
Verkada has mentioned on its website that it has more than 5,200 customers, including cities, colleges and hotels. Its cameras have proved popular because they pair with software to search for specific people or items. Users can access feeds remotely through the cloud.