Hackers said they accessed internal video feeds at several companies, including Tesla Inc., and at public agencies by breaching the network of security-camera vendor Verkada Inc., the latest cybersecurity incident in which a supplier unwittingly opened a back door into client networks.
Tillie Kottmann, one of the hackers, said the group found a username and password for a Verkada administrative account on the internet, permitting them to obtain the footage. That included footage from 222 cameras placed inside various Tesla factories and warehouses, Kottmann said in a message.
In all, the group could have accessed material from 150,000 Verkada cameras, according to Kottmann, who doesn’t identify as male or female and uses they as a pronoun.
Verkada has since disabled all internal administrator accounts to prevent any unauthorized access and has both internal and external teams investigating the matter, a spokesman said. The company said it has notified law enforcement and customers.
Although the hack was unsophisticated, with a crucial password left openly exposed, it adds to a number of attacks on networks launched through vendors. These “supply-chain hacks” have become a growing concern for cybersecurity professionals in recent years.