Police raid apartment of alleged Verkada hacker, as questions asked about employees' widespread access to customer video feeds

On Friday, software engineer Tillie Kottmann’s apartment in Lucerne, Switzerland, was raided by police who seized electronic devices, according to a post from their Mastodon account:

my apartment was raided by local police this morning 7am my time and all my electronic devices have been confiscated on request of the US department of justice.

Kottmann had their Twitter account suspended last week, following the revelation that the video streams of 150,000 webcams managed by Verkada had been breached at companies, hospitals, police stations, and jails.

Before having their account suspended, Kottmann had posted on Twitter that they had compromised the corporate networks of Cloudflare and Okta, and “could have probably owned half the internet in like a week.”

Kottmann is alleged to have gained “super admin” access to Verkada’s systems, which granted full access to customers’ video feeds.

Worryingly, especially for a firm which claimed to prioritise its customers’ privacy, it has been claimed that over 100 Verkada employees had “super admin” accounts, as Bloomberg reports:

The use of Super Admin accounts within Verkada was so widespread that it extended even to sales staff and interns, two of the employees said. “We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally,” said one former senior-level employee, who asked not to be identified discussing private information.

According to the latest update from Bloomberg, the warrant used to search Kottmann’s apartment related to an investigation into Kottmann’s alleged unauthorised access to protected computers, identity theft, and fraud.

In the past Kottmann has claimed responsibility for leaking data from Nissan North America, Mercedes-Benz, and Intel.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
