Summary List Placement
On Monday, a group of hackers breached Verkada, gaining access to live and archived footage from 150,000 of its customers’ private security cameras.
As it turns out, the accounts they used to access those feeds were widely available to Verkada employees as well.
Verkada allowed at least 100 employees, including interns and sales staff, to access “Super Admin” accounts, giving them the ability to view customers’ cameras, Bloomberg reported Wednesday.
Verkada didn’t immediately respond to a request for comment, but told Bloomberg it had “previously limited access to internal administrator accounts to engineers and support staff so they could address customers’ questions and technical issues,” and that it required them to get customers’ “explicit permission” before accessing their feeds.
But Bloomberg’s reporting found Verkada employees had repeatedly raised concerns about widespread Super Admin access and the ease with which employees could circumvent security measures meant to prevent them from abusing that access.
The independent research firm IPVM also reported earlier on Wednesday that Verkada didn’t disclose to customers when its employees viewed their camera feeds, even for troubleshooting technical issues.
Verkada previously came under fire over internal access to its cameras after a report surfaced accusing male employees of using the company’s cameras to take photos of female employees and share them in a private Slack channel. After initially disputing the report, Verkada eventually fired the male employees involved, following a separate investigation by Vice News.
NOW WATCH: Why electric planes haven’t taken off yet