Verkada allowed at least 100 employees, including interns and sales staff, to access customers’ camera feeds

Verkada camera security surveillance system

On Monday, a group of hackers breached Verkada, gaining access to live and archived footage from 150,000 of its customers’ private security cameras.

As it turns out, the accounts they used to access those feeds were widely available to Verkada employees as well.

Verkada allowed at least 100 employees, including interns and sales staff, to access “Super Admin” accounts, giving them the ability to view customers’ cameras, Bloomberg reported Wednesday.

A Verkada spokesperson told Insider it had “previously limited access to internal administrator accounts to engineers and support staff so they could address customers’ questions and technical issues,” and that it required them to get customers’ “explicit permission” before accessing their feeds.

“We have verified that our system is secure and have already restricted administrator access as we conduct a review of our policies and permissions,” the spokesperson added.

But Bloomberg’s reporting found Verkada employees had repeatedly raised concerns about widespread Super Admin access and the ease with which employees could circumvent security measures meant to prevent them from abusing that access.

The independent research firm IPVM also reported earlier on Wednesday that Verkada didn’t disclose to customers when its employees viewed their camera feeds, even for troubleshooting technical issues.

Verkada told Insider that it logs employees’ actions and will review them as part of its internal investigation, and that it will discpline and, if appropriate, terminate employees found to have accessed customer data in violation of its policies.

Verkada previously came under fire over internal access to its cameras after a report surfaced accusing male employees of using the company’s cameras to take photos of female employees and share them in a private Slack channel. After initially disputing the report, Verkada eventually fired the male employees involved, following a separate investigation by Vice News.