Images captured from hacked surveillance video were posted on Twitter with an #OperationPanopticon hashtag.
“What if we just absolutely ended surveillance capitalism in two days?” a purported member of a group called APT-69420 Arson Cats asked amid a string of tweeted images.
“This is the tip of the tip of the tip of the iceberg.”
The hacker group claimed to have ferreted out credentials of an high level administrator account at Silicon Valley firm Verkada, which runs a platform operating security systems online.
“We have disabled all internal administrator accounts to prevent any unauthorized access,” a Verkada spokesperson said in response to an AFP inquiry.
“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
Verkada added that it has notified companies that rely on its platform.
Surveillance camera imagery posted on Twitter included a jail cell block and a man wearing a fake beard dancing in a bank storage room.
The Verkada breach shows the risk of outsourcing security surveillance to companies in the internet cloud, according to Rick Holland, chief information security officer at Digital Shadows, a risk protection firm.
“Verkada positions itself as a ‘more secure, scalable’ alternative to on-premises network video recorders,” Holland said.
“You don’t always get more secure when you outsource your security to a third party.”
He said he expected the breach to trigger investigations by privacy regulators in the US and Europe.