Hacking Group Claims to Have Access to over 50,000 Home Security Cameras

Data breaches have become part of our everyday reality affecting governments, businesses, and individuals alike. In this blog post series, we take a look at recent breach incidents, analyse how they happened, and examine what can be done for your protection. 

What Happened?

A hacker collective sold access to over 50K home security cameras, some of which included footage of children. The gang, which has over 1000 global members, used the instant messaging platform Discord to advertise the footage. It offered lifetime access to the material for a one-time fee of $150. Reportedly, the victims come from all over the globe, including Thailand, South Korea, Singapore and Canada.

What Information Was Involved?

As a result of a breach, the group claimed to have shared 3TB worth of clips from home security cameras. As proof of the hacks, they offered a free sample containing 700MB worth of data, including over 4,000 clips and pictures.

The New Paper, which broke the story, reported, “Clips from the hacked footage have been uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore.” 

Along with the existing video clips, the gang is claiming to have a list of over 50K cameras on its files that can be recorded and watched live. Some of the clips feature victims in compromising positions, including breastfeeding mothers, and school children in various states of undress.

What Are the Risks to You?

Camera hijacking: If you use home security cameras connected to the web there’s a high risk of a camera hack. This can be used to spy on you and even record from your camera’s video. In many cases hacks happen when IoT devices are deployed without proper security measures. If your IP camera doesn’t  support current wireless security protocols, like WPA2, it doesn’t encrypt the information it sends, which means other people could view and broadcast your feed. Hackers can also access your footage if you use and reuse default or insecure passwords.

Increased burglary risk: In the wrong hands, your footage lets bad actors analyse your behaviours and discover patterns to predict when you, the homeowner, are most likely to be in or out of the house. They don’t even have to watch all the footage – many cameras are  designed to upload data every time motion is detected. This creates a predictable pattern that allows viewers to know when someone is in the home. 

Your private information exposure and abuse: Every now and then we hear stories about hacked cameras. Leaked videos can end up in gutter press or even on porn sites and can cost people their reputation, peace of mind, and security. 

Is There Anything You Can Do?

We recommend you follow these security guidelines to help you secure your IoT devices and avoid a data breach involving your camera:

#1 Use strong passwords 

Anyone with ill intentions can get access to your sensitive information using default passwords set up by the device manufacturer. Don’t underestimate the need for a strong and unique password or passphrase for your camera or another IoT device.

#2 Keep the software up-to-date

Before using your IP camera, visit the manufacturer’s website to look for the latest version of the software available for download. After the installation, download the updates as soon as they become available.

#3 Enable your camera’s security features

Turn on your camera’s wireless security protocol (WPA2 or another current data encryption protocol). In addition, make sure that the login page for your camera has a URL that begins with https. If it doesn’t, the username and password you enter won’t be encrypted, and other people may be able to access them. 

#4 Choose a reputable vendor with a proven track record of manufacturing properly secured devices that they regularly update and patch during its lifecycle.

#5 Be aware of recent cybercrimes to be on top of the latest digital trends and risks we face:

Stay Informed

To protect your identity, use the precautionary steps above and follow us on Facebook and Twitter for future data breach alerts.

Click here to view our protection plans and sign up for our free trial to keep yourself safe online.

Remove your sensitive info from the web

OneRep’s algorithm scans 196 data brokers and removes your records from all people-search sites that publish them

Maria Shishkova

Digital Marketer & Privacy Expert at OneRep | LinkedIn