Security systems manufacturer Verkada has confirmed that it has suffered a cyberattack, targeting one of its Jenkins servers, leading to a data breach.
The security incident is suspected to have started on 7th of March and lasted until 9th of the same month. The cybercriminals gained access to the IT network after obtaining the necessary credentials to bypass the authentication system, including two-factor authentication.
There is no evidence that user passwords or password hashes, the internal IT network, as well as financial or other Verkada business systems, have been compromised. There is also no evidence that the firmware of the equipment has been tampered with or that the execution of shell commands has had a malicious intent against customer networks.
In response, new computer firmware integrity checks have been implemented, all systems have been secured and all affected customers and authorities, such as the FBI, have been informed.