Hackers first executed their plan by gaining access to a “Super Admin” account of Verkada, a company that sells security cameras that are managed through a web-based program. Their methods of hacking were not advanced and it was reported that they simply found an admin username and password “publicly exposed” on the internet. Once they had the administrative account information, they were able to access deeper into the network, with ease.
The hackers now had access to live surveillance feeds of over 150,000 surveillance cameras. The compromised surveillance systems included Tesla Inc., Cloudflare Inc., Florida Hospital Halifax Health, Madison County Jail in Huntsville, Alabama, multiple locations of gym chain Equinox, and other schools, hospitals, police departments, prisons and businesses.
Not only did the breach allow hackers to see inside surveillance footage, revealing confidential police questioning sessions- children in elementary schools- patients in ICU beds- and inmates inside prisons, but their breach also allowed them to obtain a list of thousands of Verkada customers and Verkada’s financial balance sheets which included assets and liabilities.
Why is this important to you? The recent surveillance breach should be a reminder to us all how easily hackers can gain access to thousands of pieces from 1 simple username and password. It took one username and one password for many businesses, and even more individuals, to be exposed.
When you hear us preaching the importance of strong credentials throughout your company and emphasize the importance of security awareness training, we aren’t just saying it. It is critical to be protecting yourself, your business, your employees and your customers to the strongest ability possible.
All it takes is access to one username and password for your security to come crashing down.