40,000 security cameras exposed, raises espionage concerns

Bitsight TRACE found more than 40,000 security cameras openly accessible on the internet, causing concerns that attackers may leverage the exposed cameras for espionage, stalking, extortion, and launching cyberattacks.

In a blog post dated June 2025, Bitsight TRACE outlined the privacy concerns for home users, but also pointed out how the exposed cameras could harm businesses of all stripes.

The researchers said malicious actors could use the footage from the cameras to map blind spots or track employee movements to plan unauthorized access to data centers and small IT closets.

In office settings, a malicious actor could watch the security camera feed and wait for the staff to leave before sneaking into the office. These same bad actors could watch what employees are doing and what information is displayed on their screens.

At retail stores, burglars can remotely monitor store opening and closing hours to plan a break-in when nobody is working. They can also view the footage to identify cash registers and safes, and plan the best ways and times to steal them. At factories, bad actors can witness proprietary manufacturing processes via the cameras.

The vast majority of the 40,000 exposed devices were found in Japan and the United States, primarily in California and Texas. The telecom sector was the main vertical with exposed cameras.

“IP cameras and IoT devices in general are among the most easily hacked devices within an organization because they often are set up without security in mind, do not have their firmware updated regularly, and are not on hidden or segmented networks,” said John Gallagher, vice president at Viakoo.

Gallagher said the numbers in this Bitsight report are likely a significant underestimate: if there are 1 billion IP cameras operating worldwide, just 1% being exploitable would be 10 million cameras. Gallagher noted that the Mirai botnet army discovered in 2016 peaked at about 600,000 infected IoT devices, primarily physical security devices, so 40,000 is minor in comparison.

“So, whether it’s ‘Big Brother’ or cyber-criminal gangs, yes, they are watching us,” said Gallagher. “Often IP cameras are used within a cyber kill chain to perform reconnaissance, or to host malware that can use lateral movement and its placement on the network to access more sensitive corporate data.”

Nic Adams, co-founder and CEO at 0rcus, said the "discovery" of 40,000 exposed cameras isn't a discovery at all. Instead he called it a “glaring, unblinking affirmation of pervasive, profound incompetence.”

Adams said we're witnessing the consequence of "utterly deplorable" security practices. He said this includes, but is not limited to: relying on default, easily guessable credentials; widespread deployment of devices riddled with unpatched, publicly-known vulnerabilities, often with firmware so outdated it's prehistoric; lack of robust, granular access controls; absence of secure boot mechanisms and integrity checks; and a fundamental disregard for secure-by-adversary principles from inception.

“I also see the complete abandonment of rigorous vulnerability management post-deployment, which leaves wide-open holes for even the most amateur threat actor to exploit,” said Adams. “Beyond surveillance, such vulnerabilities provide entry points for data exfiltration, ransomware attacks that paralyze entire organizations, plus the conscription of devices into weaponized botnets for DDoS attacks which devastate vital infrastructure.”
