A cyber-crime network in India exploited the simplest of password mistakes — “admin123” — to gain access to around 80 CCTV dashboards nationwide. Over a span of nine months, approximately 50,000 video clips were illegally obtained from hospitals, schools, malls and private residences, and sold on messaging platforms for between ₹700 to ₹4,000 each.
Breach Origins: A Hospital UnderSecured
The trail starts at the Payal Maternity Hospital in Rajkot, Gujarat, where CCTV footage of women undergoing gynaecological examinations was uploaded to porn websites and Telegram channels. Authorities say the hospital’s CCTV server was compromised because the default password was never changed.
How Hackers Operated
Investigators report that hackers used brute-force bots to exploit systems using the default password “admin123” and similar insecure credentials. Once inside, they accessed and downloaded footage from not only the hospital, but many other insecure systems across at least 20 states, including Mumbai, Delhi, Pune and Ahmedabad.
Wider Implications & Cyber-Security Warning
This case highlights the major risks posed by poor cyber-hygiene in critical settings like healthcare and education. Experts warn that merely installing CCTV cameras isn’t enough — passwords must be changed, firmware updated, and two-factor authentication enabled. Following the breach, law-enforcement agencies issued advisories urging all users of CCTV systems — in homes, offices and institutions — to review their security protocols.
