Government officials in the U.S. and the UK are warning people to secure their webcams after websites that broadcast the contents of those cameras have sprung up online.
One of the better-known sites, Insecam, appeared to have gone offline after the warnings Thursday, but at least one site that publishes similar content was still available.
The websites show footage from security cameras used by businesses and in people’s homes, including CCTV networks that secure buildings and even cameras built into baby monitors.
Earlier Thursday, the U.K.’s data protection watchdog warned of a website based in Russia that accesses thousands of webcams using their default logins and passwords, which it said can be easily found online.
The U.S. Federal Trade Commission also weighed in, warning users to ensure video feeds are encrypted and that wireless routers are protected by passwords.
“Once you’ve bought your IP camera, check its security settings and keep its software up-to-date,” wrote Nicole Vincent Fleming, a consumer education specialist with the FTC in a blog post.
Security experts have long warned that not changing the default credentials on such devices can allow them to be accessed by hackers.
The domain name Insecam.cc was registered through GoDaddy earlier this month, though whoever registered it chose to keep their registration details private in the “whois” domain directory.
The U.K. information commissioner has reportedly urged the Russian authorities to take down the site.
A similar website linked to in a Reddit discussion thread recently was still active Thursday and offers steams from around the world, searchable by country or by U.S. state. That site says it finds the webcam streams unprotected on the Internet.
“We do not hack people’s passwords,” the site advised. “We simply locate cams hiding away in search engines, grab a snapshot, and present them to you here. The snapshots update every few hours.”
One feed, titled “Living Room,” shows an elderly woman in Seattle, apparently in her home. Another is from a barber shop in Tallahassee, Florida. It wasn’t clear if some of the feeds are intended to be public or have been mistakenly left open.
Some webcam services use two-factor authentication, which requires a one-time passcode to access the service in addition to login credentials. That can help prevent unauthorized access if the login credentials are compromised.
“The ability to access footage remotely is both an internet cameras biggest selling point and, if not setup correctly, potentially its biggest security weakness,” the U.K.’s information commissioner’s office warned.
GoDaddy, where insecam.cc and insecam.com were registered, said it’s not responsible for the sites because the content is hosted on a different service.
“This means that any of the content appearing when you visit the website is not on our servers and we do not have control over it. Since we do not host the content of the website, users would need to file a complaint with the Web hosting provider,” said GoDaddy spokesman Nick Fuller.