Russian website allows UK webcam and baby monitor feeds to be watched online, warns ICO

Data watchdog urges UK citizens to use strong passwords to prevent hackers from tapping into their cameras

A Russian website that allows people to watch live footage from insecure webcams, baby monitors, security cameras and CCTVs has been discovered.

The website accesses information by using the default login credentials which are easily obtainable and freely available online, for thousands of cameras worldwide.

The Information Commissioner's Office (ICO) has warned UK citizens of the danger of not using strong passwords and has urged them to change their default password as soon as possible.

The ICO has warned UK citizens that the default passwords that many manufacturers use are freely available online. The data privacy watchdog urges those people who have devices without a password to set one up "as a bare minimum".

It added that people should thoroughly read through the manual and familiarise themselves with the security options available to them.

"You may think that having to type in an obscure web address to access the footage provides some level of protection. However, this will not protect you from the remote software that hackers often use to scan the internet for vulnerable devices," the ICO stated.

"In some cases, insecure cameras can be identified using nothing more than an internet search engine," it added.

The Russian website lists streams from more than 250 countries, with 500 feeds from the UK alone including images from a home's driveway in Nottinghamshire and a child's bedroom in Birmingham, the BBC reports.

The Information Commissioner Christopher Graham told the BBC that he wanted to warn citizens that "there are people out there who are snooping".

He urged the site's owners, who have suggested that they are trying to alert people of the dangers of insecure devices, to take the site down, adding that the website would be illegal in the UK.

He said that the ICO will work with the Russian authorities and others to have the website shut down.

The ICO cannot notify people who have been a victim of the breach because of the rules and regulations set out in the Data Protection Act and the Computer Misuse Act.