A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are investigating the incident. The company is working to notify customers and set up a support line to address questions, said the person, who requested anonymity to discuss an ongoing investigation.

The hack “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” the hacker Kottmann said. “It’s just wild how I can just see the things we always knew are happening, but we never got to see.” Kottman said they gained access to Verkada’s system on Monday morning.

Loading

Kottmann said they were able to download the entire list of thousands of Verkada customers, as well as the company’s balance sheet, which lists assets and liabilities. As a closely held company, Verkada does not publish its financial statements. Kottman said hackers watched through the camera of a Verkada employee who had set one of the cameras up inside his home. One of the saved clips from the camera shows the employee completing a puzzle with his family.

“If you are a company who has purchased this network of cameras and you are putting them in sensitive places, you may not have the expectation that in addition to being watched by your security team that there is some admin at the camera company who is also watching,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.

Tesla said that, “based on our current understanding, the cameras being hacked are only installed in one of our suppliers, and the product is not being used by our Shanghai factory, or any of our Tesla stores or services centers. Our data collected from Shanghai factories and other places mentioned are stored on local servers.”

Bloomberg, with staff reporters