Verkada Says It Notified FBI of Major Hack of Surveillance Data
(Bloomberg) -- Security camera company Verkada Inc. said it’s contacted the U.S. Federal Bureau of Investigation about a massive hack that exposed surveillance data of Verkada customers, including companies, hospitals, schools and detention centers.
The remarks largely confirm a report by Bloomberg News Tuesday outlining one of the largest breaches of its kind, giving hackers access to footage gathered by 150,000 cameras used by Verkada’s customers.
“We believe the attackers gained access to this server on March 7, 2021 and maintained access until approximately noon PST on March 9, 2021,” the company said in a post on its website. “In gaining access to the server, the attackers obtained credentials that allowed them to bypass our authorization system, including two-factor authentication.”
Verkada said that its systems were secure as of noon Pacific time on March 9, and that no user passwords were accessed. The company confirmed hackers accessed the cameras and a list of its customers.
“We can also confirm that the attackers gained access to a tool that allowed the execution of shell commands on a subset of customer cameras; however we have no evidence at this time that this access was used maliciously against our customers’ networks,” the post said. “All shell commands issued through our internal tool were logged.”
The company said it had retained cybersecurity firm Mandiant Solutions, which is owned by FireEye Inc., and the law firm Perkins Coie to assist in its investigation.
©2021 Bloomberg L.P.