The Quebec Liberal Party (PLQ), a federalist provincial political party in Canada, fixed a security issue in their video conferencing software that allowed an unknown hacker to spy on their meetings and even access the video camera feeds when he wanted.
Fortunately, the man that gained access to this system had no malicious intent, and appropriately disclosed the issues to the PLQ staff, so they could secure their system.
PLQ video conferencing system used default admin password
The unnamed white hat told Canadian journalists that the PLQ’s software contained both a security flaw and also used the factory default password, according to the.
The hacker said he accessed the party’s video feeds during PLQ meetings. He said he logged into the video conferencing software multiple times and observed PLQ meetings on different occasions.
The white hat wanted to remain anonymous and asked a reporter of Le Journal de Montreal to report the issues on his behalf. To validate his intrusion claims, the hacker told the reporter about some of the topics discussed in the meetings.
Additionally, the hacker was also able to start the video feed from PLQ’s cameras on demand, and have a look at the party’s HQ whenever he wished. The hacker provided screenshots to prove his claims.
PLQ acknowledges hack, fixes issues
PQL officials confirmed the breach but said that no sensitive, nation-level issues were ever discussed in these meetings. It appears the hacker spied on meetings between PLQ’s Quebec and Montreal branches.
After spending a few days investigating the issue, PLQ officials have told the reporter that they fixed the illegal access bug and have changed the video conferencing software’s default password.
PLQ officials did not say if the hacker used the default password or the security bug to access their network.