Default passwords and outdated firmware are turning your home camera into a public livestream, report warnsThousands of exposed webcams are offering a front-row seat into private and corporate lifeA simple web browser is all it takes to peek into 40,000 unsecured camera feeds
Thousands of internet-connected webcams, intended to enhance safety and convenience, are now unintentionally offering a window into private lives and secure environments.
Research by Bitsight claims over 40,000 webcams around the world are publicly accessible online, often without their owners’ knowledge.
These include security cameras, baby monitors, office surveillance systems, and even devices inside hospitals and factories.
A growing digital threat, not a hypothetical one
The investigation highlights just how easily accessible these cameras are.
“No passwords. No protections. Just out there,” wrote João Cruz, Principal Security Research Scientist at Bitsight TRACE, noting it requires neither elite hacking skills nor expensive software. In many cases, all it takes is a web browser and a valid IP address.
“We first raised the alarm in 2023, and based on this latest study, the situation hasn’t gotten any better.”
Exposed footage ranges from innocent scenes, like bird feeders, to far more sensitive views, such as home entry points, live feeds from living rooms, whiteboards in office spaces, and even operations inside data centers.
Worryingly, disturbing conversations have emerged on dark web forums, where some users share methods for locating exposed cameras, or even sell access to live feeds.
“This isn’t hypothetical: this is happening right now,” Cruz emphasized.
The United States leads with roughly 14,000 exposed cameras, followed by Japan, Austria, Czechia, and South Korea. These aren’t isolated incidents but part of a broader failure in how internet-connected cameras are deployed and managed.
Bitsight’s team scanned for both HTTP- and RTSP-based cameras, and the results suggest these figures may only scratch the surface.
Many of the exposed devices result from basic setup errors: default credentials, open internet access, and outdated firmware that leave systems vulnerable.
While vendors and manufacturers must improve device security, users also share responsibility.
Choosing products vetted for cybersecurity can help, but users should also pair their camera setups with tools like leading antivirus software and top-rated parental control solutions, which often include network monitoring to flag unusual access or unprotected devices.
Ultimately, private users should always check remote accessibility settings, change default passwords, update firmware regularly, and, especially for enterprises, enforce firewall protections and require VPN access.
You might also like
These are the best VPN with antivirus solutionsTake a look at our pick of the best password managersEpson launches subscription where you pay “just” $7.99 to rent a printer and print 50 pages every month