Government officials in the US and UK are warning people to secure their webcams after websites showing content from such cameras emerged online.
One of the better-known sites, Insecam, appeared to go offline after Thursday’s warnings, but at least one site that posts similar content was still available.
Websites show footage of security cameras used by businesses and in people’s homes, including CCTV networks that secure buildings and even cameras built into baby monitors.
Earlier on Thursday, the UK’s data protection watchdog warned of a Russian-based website that accesses thousands of webcams using their default usernames and passwords, which it says , can be easily found online.
The U.S. Federal Trade Commission also weighed, Warning users to ensure video streams are encrypted and wireless routers are password protected.
“Once you’ve purchased your IP camera, check its security settings and keep its software up to date,” FTC consumer education specialist Nicole Vincent Fleming wrote in a blog post.
Security experts have long warned that failure to change the default credentials on these devices can allow them to be accessed by hackers.
The Insecam.cc domain name was registered through GoDaddy earlier this month, although whoever registered it chose to keep their registration details private in the “whois” domain directory.
The UK Information Commissioner has would have urged the Russian authorities to dismantle the site.
A similar website linked to a Reddit thread was recently still active on Thursday and features vapers from around the world, searchable by country or US state. This site says it finds unprotected webcam streams on the Internet.
“We don’t hack people’s passwords,” the site advised. “We simply locate hidden cameras in search engines, take a snapshot and present them to you here. Snapshots are updated every few hours.”
One stream, titled “Living Room,” shows an elderly woman in Seattle, apparently at home. Another is from a hair salon in Tallahassee, Florida. It was unclear whether some of the streams are meant to be public or were left open by mistake.
Some webcam services use two-factor authentication, which requires a one-time password to access the service in addition to login credentials. This can help prevent unauthorized access if login credentials are compromised.
“The ability to access images remotely is both the biggest selling point of internet cameras and, if not configured correctly, potentially its biggest security weakness,” the office warned. UK Information Commissioner.
GoDaddy, where insecam.cc and insecam.com are registered, said it is not responsible for the sites because the content is hosted on a different service.
“This means that any content that appears when you visit the website is not on our servers and we have no control over it. Since we do not host the website content, users should file a complaint with the web host provider,” said GoDaddy spokesperson Nick Fuller.
Send topical tips and feedback to [email protected] Follow me on Twitter: @jeremy_kirk
Copyright © 2014 IDG Communications, Inc.