Police raid apartment of alleged Verkada hacker, as questions asked about employees’ access to customer video feeds





On Friday, software engineer Tillie Kottmann’s apartment in Lucerne, Switzerland, was raided by police, who seized electronic devices, according to a post from their Mastodon account:






my apartment was raided by local police this morning 7am my time and all my electronic devices have been confiscated on request of the US department of justice.



Kottmann had their Twitter account suspended last week, following the revelation that the video streams of 150,000 webcams managed by Verkada had been breached at companies, hospitals, police stations, and jails.


Before having their account suspended, Kottmann had posted on Twitter that they had compromised the corporate networks of CloudFlare and Okta, and “could have probably owned half the internet in like a week.”





Kottmann is alleged to have gained “super admin” access to Verkada’s systems, which granted full access to customers’ video feeds.


Worryingly, especially for a firm which claimed to prioritise its customers’ privacy, it has been claimed that over 100 Verkada employees had “super admin” accounts, as Bloomberg reports:



The use of Super Admin accounts within Verkada was so widespread that it extended even to sales staff and interns, two of the employees said. “We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globall ..
