Arcules CEO Threatens Over "Security Breach"

By: John Honovich, Published on Nov 25, 2019

An Arcules employee called out a recent 'security breach', however, Arcules CEO disputed this as 'inaccurate' and threatened to sue IPVM.

Inside this note, we examine:

  • What the Arcules employee claimed was a 'security breach'
  • Arcules CEO response and partial explanation of what happened
  • New VSaaS security concerns, not possible with VMSes
  • False claim that "Arcules is a fully compliant GDPR company"
  • Arcules CEO legal action threat
  • Problems at Arcules

** ******* ******** ****** out * ****** '******** breach', *******, ******* *** disputed **** ** '**********' and ********** ** *** IPVM.

****** **** ****, ** examine:

  • **** *** ******* ******** claimed *** * '******** breach'
  • ******* *** ******** *** partial *********** ** **** happened
  • *** ***** ******** ********, not ******** **** *****
  • ***** ***** **** "******* is * ***** ********* GDPR *******"
  • ******* *** ***** ****** threat
  • ******** ** *******

[***************]

'Security ******'

******** ******* ******** **** shared **** **** **** explained *** *********. *** key ****** **** ** Arcules ******** ****:

* **** **** ****. An ******* ********* *** added ** [********] ******* and ** ** ******* escalated.

**** ** * ******** breach ** ***** ***. Saying ** ** * bug ** ************.

**** ** * ******** matter ** [********] ******** it ***** **** * bug ** *** ****. Please ***** **** ** a ****-***. **** *** need ** ****** **** to *** **-**** ******** moving *******.

** ********, ** ******* employee **** **** *** situation *** **** ***** since *** ****'* **** did *** ******* *** outside ********** ***** ***** by *******:

*** *** ***** *** CIO ***** ***** *** system *** *** *** and ** ***** ** explanation *** ******* *** captured ***** **** ** the *** *****.

CEO ******** *** ******* ***********

***** ** ******** ******* CEO **** ** ******** this ************* *** ****** we ********* **** ****,******* *** ********* *** own ******** ****** *** *****:

*** **** ********* ***** this ******** *** **** Arcules **** ** ******** information *** **** *********:

** ** *****, ***** a **** ******** *** detailed ******** *************, ** know **** ** ** point *** *** ******** information **** ********* ** unauthorized *****, *** ** video ****, ******, *******, or ***** *********** *** accessed, ****, ** *********.

** ** ***** **** someone **** ******* ********** added ** ********** *** that *** *** **** saw **** ********** ****** inside ***** ******* *******. What ** ******* ** what *** ****** ** an ******* ********** ***** added ** ** *** user's ******* **.

** ***** ******* ** clarify, ******* ****** *********, "An ******* ********** ***** not **** ******".

**** ******* ** ***** to ******* ****** **** errors ** ******* **** the ******* ******* ****:

** ***'* ******** *** internal ******** *********, ****** to *** **** ** adjusted *** ******** ******* that **** **** ** the ******* ******

VSaaS ******** ******** ********

**** ** * *********** security ******* **** ***** providers - *** ** they ****** **** ***** employees, ********, ******, ***. do *** *** ****** to * ******** ******* that *** ***** ********?

** ** ********** ********* than *****. ** ** fundamentally ********** *** *********, as ** *******, ** give ****** ****** ** a ********'* ******** ****** for *** ****** ****** that ********* **** *** have ****** ** **** systems. **** ** * proverbial '*** ** *** head' *********, ** ** just *** ********.

**** *******, ******* ** is ******* ** ***** Eye ** ******* ** Verkada, ***., **** ** a ******* *******. *******, by **********, **** ******** access ** ***** ********'* video ************ ****** ********* internal ****** **** ***** local **** ******** (***** their ********** ** ******* are **-****).

** ******* *** ********** or *********** ***** ** integrator, ** ********, * random **********, ***. ****** to * ********'* *******. Arcules *** ***** ************ but ** ** *** from ***** *** **** are ******** **** **** does *** ******.

** *** ** ** an ***** *** *** VSaaS ********* *** ********** for **********-******* **** **** Arcules ***** ***** ********* are *** ***** ** shrug ********* *** *** "I ***'* **** ** you *** ** ** my *********".

False **** *****

*********** *** *******,******* ***'* ******** *********** ******:

**** ** ********** ****** and ************* ** *** same ****** ** ******* CEO '********* *** *****'.

** *** ****, ******* have ***** ***** **** claims ** *** ** Cloud **** ** ******* but **** ****** ** the ***** ** **** GDPR **********. ******* ******** as **** ** **:

******* ** ********* **** its ************ ***** ****.** **** ******* ******** policies, *********, *** ********** that ***** ******* ******* of ****.** *** ******* ** within *** **** ** the ******* **** ********** Regulation (****) ********** **** organizations *** ******* ** a **** ** *******. Arcules ** * ****** of *** ** ***** Code ** ******* *** recognizes ** **** *** make ******* ***** *********.

***** ******* ****** **** the ** ***** **** of ******* **** *** make ******* * '***** compliant **** *******' ** it ******, **** ****? We ***** ******* **** in * ******-** ******* one **** *** *** no ********.

******,***** ******, *** ************ **** runs **** **** ** Conduct ***** **** ****'* Charles ****** **** ****, confirming **** **** ** false:

** ********* *** ****, but ******* ******** **'* not *******. ** ***** be * ******* ** say **** ********* **** adhere ** *** *** are ************* **** *********. With ** ***, **** can *********** ********** [** the ****] ** **** of ***** ******** ** processors. *** *** ***** company.

********, ************** ********* ******* *** EU **** ** ******** **** ***,******* *** *** ********* even *** *********** ********** that **** *****.

*** **** *** *** trust * ******* **** pledges ************ *** ***** but ***** * ******* false ***** ***** ****? And **** ***** ************* does **** ***** ** buyers *** ******* ******* claim **** **** **** fully **** *********?

Legal ****** ******

****** *** ****, ******* CEO ********** ** *** us:

*** *********** ** ******* of ******* ************ *********** could ** ********* ** Arcules *** *** *********, and ** ***** **** be ********* ** **** legal ******.

** ***** ** ********* a **** **** ****** publishing:

*** ***** **** *** information *** ******** / shared ** **** ********, not **. *** ** do *** **** *** confidentiality ** ***-********** ********* with **** *******. **** we *** ***** **** is ******** **********. ** you ******, **** * recommend *** *********** **** us * ***** *** desist ****** ** **** attorneys *** ******* **** grounds *** *** ****** this ***** ******* **.

***** *** ** ******* response **** *******. *** there *** ****** ** grounds *** **** * threat. **** **** ********* us *** ****** ******* does *** ********** **** or ******* ****** **** was * ****** ***** tactic ******* **.

Problems ** *******

** ******, **** ** just *** **** ****** in ******* ******** ******* have ***, ** *** headcount ********* ** ******* in *** **** ****:

********** *** *** *********** management ********, **** **** *** / **** of ***** **** *****. ***, ** **** case *****, ******* ******* employees *** **-********* *** frustrated **** ******.

** ** *** * bit **********. ******* ** the '*****' ** ***** and *********, ** ** has *** *** ********, resources *** ***** * 'startup' ***** ****. ***, yet, ** *********.

** ***** ***** ***** and ********* **** ****** this *** *** ***, as ** ******, ******* in *** ****,******* ** ******* ******** for ********* ***, ** ** ** increasingly ******** *** ***** 'family' **** ****** ***.

Comments (18)

****, **** ** ******* the **** ** ******** I *** ******** **** ** **** ** the "**** ****** *** To ******** **** *******" discussion.

***** ******* ***** * lot ** *******, *** for **** ***** *** be **** ****** **** what **** **** ***** implement ** ***** ***, but **** ***** **** the ******** **** **** you *** ******** *** operator ** ** ******* than *** ***. (**, at ***** ** ***** as ***).

****'* * **** *****. So ******* ** ********* Hik-Connect? ***** ***** ******* do *** ***** ****? :)

** * **** ******* note, * ** ***** all ***** ***** ************ providers *** ***** ** have ** ********* ****** their ******* / ********** for ******** ****** ** accounts / *****. *** will ***** **** ** trust **** **** **** are ****** ** ******** / ******* *** ** least ** ******** ***** some ******* / ******* to ******** ******.

****'* * **** *****. So ******* ** ********* Hik-Connect? ***** ***** ******* do *** ***** ****? :)

*******. ** *** ******* access ** **** **** to * ***** ***** it ****** ** ********** secure. ** ***** ***** services ** ** ******** best ** ****** **** someone **** ** ******* at **** ****.

VSaaS ******** ******** ********

* ****** *** ***** VSaaS ********* *** ******* with ****.

#*, ** **** ** including **** ******** / topic ** ****** ***** tests *** *********, ******.

*'* ******* ******* ** the *******.

*****: ** *** ************ **** **** ******* CEO ** ******* ***** 'open'*** ***********', ** ******** comments:

***** ******** *** ** painful *** ******* ** deal ****, ******** ******* to ******** ***** ***'* thoughts *** ******* ** sharper ***** *** **** to ******* **** ******** and ****************.

*** ** * ****** integraor ***** ** *** account? ** ******* **** was ******* ** *** project *** *** *** supposed ** ** *****?

* ***'* **** *** the ********** *** ** how **** **** ******* [or ***] ** *** customer, **** **** *** customer ******** ******** ** them ***** ***** *** viewed ** ** * security ******.

**** ********* **** **** Andreas. **'* *** **** old "** *** *** victim ****" ***-*****. ******** the ******** ** * snitch **** **** ******** motive ** **** *** icing ** *** ****.

* **** ** ****** to ******* **** ******* is *** ****** ** worse **** ****** **** in ***** ******** ** account ******. ****'** ******** better **** ****** *** their **** **** ** Ukraine, *** ****'* ** extreme ******* - *** evidently********** ***'* ****** ****. I ***** ***'** **** that **** ** *** case **** ** ****.

** *********, *** ******** is ******* - **'* a ******** **** **** Arcules ********* ************ *** add **** ******** (*/* logging **!). **** *** probably ***** *** ******* as **** (******** */* having ** ****** * user ******* ** ***** customers ******). *** ******** many ***** *** ****** is ****: ** ****?

* ***** **'** ********* overestimating *** ***** ****** *** ************** ** *** ******* users, *** **'** ********* the ********** ** **. Only ** **** ** using ** ** **** each ***** **** *** head. *** *** ***** making *** ***** ** unreasonable *********** ***** ******* and ********** ******** ******'* razor.

**** ********* *** ** confusing ** ****** *********, who ****** *** ********* are ***** *******. *** employee **** ********* * security ****, *** ** their ********, *** ** met **** ****** *** meh's... ***** ******** **** the ******** *** **** no ******* **** *** company, *** **** ***** reaches *** ** ****, and *********** ** * *********** ****** ** ******** not ******* ***** *******.

** ** ****, ***** are ***** ***** ******** plays * ***** ****, but ****** **-*** *** takes ******** ********* ***** use * ***** ********, or **** ******** ****** their ***/***/*** ******** ** the ********.

*'* ******** **** *** whistleblower, ******, ***, ******** you **** ** **** him/her ** ** **** being ********** (** *******). I **** ****'* *** case, ********* **'* ****** clear **** **** ** not *** ***** ** share **** *********.

****** **-*** *** ***** security ********* ***** *** a ***** ********, ** even ******** ****** ***** VMS/NVR/DVR ******** ** *** Internet.

****'* *** *******. **** their ******** ********, * saw * ***** ********* that *** ********* ***** and ******* **** *** a ******* ********* **** that *** ***** (** at ***** ********) *******.

** ***** * ***** with *** ***** **** Ring ********* *** ****** about*** **** / ******* security ********, ******* ** ***** after ***** *** ************* customers **** ********** ****.

** **** *****, ******, I *** ********* ***** customers ***** **** ******** Arcules, ***** ***** ******* issues *** ******* ***** of ******* *****-********* ******* inside ***** ***********. **** said, ******* *** * lot ** ***** *** connections *** *********. *** question ******* *** ******* close / **** **** such ********.

****** **-*** *** ***** security*********

***** ********. **** ******* you're *** **** *** mean *** **** ** seriously.

********?

**** ** **** ******** - *********

**** ******* ***'** *** does *** **** *** take ** *********

***, ***** ********* ******* they **** ** *********. Now ******* **** ** or **** **** ********** of '***********' ** ******* question.

*** ***** ******** ** this ********** ***** ***** to *** ******* ***** a **** ****** ***** of *********** **** **** average **** ********, ******* we *** ***** ** that?

*'** ***** **** **** customer **** ** *********, and ******* (*********) ****'* - ***** ** *********. Since * *****'* **** the ******, * ***'* know *** **** *** whistleblower ****** *** **********, but ** ***** ** me **** ******** *** to *** *** *** last ****** *** ** here ** ***. **** users **** ****** ******** against ******, *** *****'* probably * *********** ****** in *** *** **** EULA ***** **** **** of *****.

*'** ***** **** **** it *********, *** ** weird ***; **** ** I *** "*******" ***** my ****** ** ******* a *** ** ******** about *** ************ ** a *** ********* *** worrying * ***, *** never ******** ********** *** living ** * **** of ******, ****** *** fried *******.

* ****** *** *** at *** ******* **** tell *** **** ***** chicken ** *** ******** bad *** ***, ************ ***** *** ***** granddad *** *** * bucket ** ******* ***** day, ****** ** ********** cigarettes * *** *** lived ** ** *** (he ******** **** ****** in ** ******** ******* since *** ****** *** of *).

****, * ** ************ here, *** ** *** question ** - *** an *** **** ********** expect * ****** ***** system, ***** - ********* - ******* ******** **** "secure" *****.

* *****, ** *********, it *** ** **** - *** **** * level **** **** * would ******** ****, ** I ***'* ***** *** clients *** ******** **** Arcules *** ******** **** it, *** **** ********* how ** ***** ******** (which ** *** * will ***** ** **** now **) ***** *** able ** *** **** random **** ** ***** account. **** **** ** thing **** ****** ***. Like **** *** *********** find * ******, ****** piece ** **** ** the ****** ** * restaurant, *** *** ***** (predictably) **** "**** *** a ***-**** ********, *** we ******* ** ***** up ****** ** *******!".

* ***** ****** ******* about ** * ****** longer, *'** *** ****: I ***** *****'* * case *** ***** **** for ********* **** *** serious ***** ********. *** question ** - *** do *** ***** **** a ***** ******** ** secure ******* ****** *** code ******** *********?

**** * *****. **** rules *** ************ ****/**** solutions:

*** ******** *** ** access ** *** ******** related **** ** **************.

* ********’* ************* *** no ****** ** **‘* own (*****) *******. **** a ********‘* ************* *** no ****** ** ** (we *** *** ** end **********).

*** *****/*************/******** *** ** be ********** ** * protected ********. * ************ of **** ******** *** to ** ********* ** documentated (** *** * blockchain).

***** *** ******* **** rules ******* ************ ******* providers **** ******* ********** from *** *********. *** they *** ********* ** well ***** **** ********** and **** ******** **** and *****. * ***** solution ******** ** * technical *** * ********** part. **** ** ******* her.

*****

* *** ******* ******* security ** **** **** "network ********" *** * packet ****** ** * router. ** **** **** very *** ****** *** access ** *** *** resources. **** ******* *** shifted ************. *** ******* is *** ***** ******** per **, ** ** that ***** ********* **** rely ** ***** *** not ** ** ***** about ******** ******** ** you ***. *** *******, I ***** *** ****** with ***** ***** *********** on * ****** **** on ***** ********. * see ****** **** *** casual ***** *** ************ they ******** ** ***** cellphones.*** ***** **** ***** is * ******* ***** with ******** ** ** IoT ***********, *** **** people **** **** ****** to * ******* ********, the **** ******** ** is.**** ***** *** ****** were ****** ******* * 3rd ***** ******* *** A/C *********** ********** ******* to ***** ***. **** malware ****** **** ******** thermostats ** *** ******** network. ** *** **** few ****** * **** spoken **** **** *********** that, ** ***** ***** for ********* *******, *** pushing ***** ********* **** Arcules. * ** *** suggesting **** ***** ******** should ***** ** **********. What * ** ********** is **** ** ** a ******** **** ****** not ** ***** *******. The ******** ***** *** not ********** *** *********** would ** **** ** cover ***** *** ******** strategies **** ***** *******.

******: ******* *** ******* its ***** **** *****,******** *** ****** * **** **** qualified / ******* *****:

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Ireland National Children's Hospital Chooses Hikvision End-to-End With Facial Recognition on Dec 05, 2019
The world's most expensive hospital project ever, the New Children's Hospital in Ireland, has chosen an all-Hikvision surveillance system including...
Ultinous European Analytics Startup Company Profile on Dec 04, 2019
European analytics-startup Ultinous pitches customers to "Have your own video analysis service!" We spoke to Ultinous to better understand their...
Arcules CEO Retracts False GDPR Claim + Dahua and Milestone Claims Examined on Dec 03, 2019
Arcules CEO has retracted a false claim about his organization being a "fully compliant GDPR company" after IPVM reporting (Arcules CEO Threatens...
Wyze Fires Back at JCI - Your Patents Are Invalid, Pay All Of Our Costs on Nov 18, 2019
Goliath JCI targeted startup Wyze this summer alleging the fast-growing consumer startup was violating a slew of JCI's patents. Now, Wyze has...
Hikvision CEO And Vice-Chair Under PRC Government Investigation on Nov 14, 2019
In a surprising and globally covered move, Hikvision CEO Hu Yangzhong and Vice-Chairman Gong Hongjia are being investigated by China's securities...
Rhombus Cameras, VMS and Analytics Tested on Nov 06, 2019
Rhombus boasts they have created "the new standard in Enterprise, cloud-managed video security" and told IPVM in January 2019 they offer twice the...
100+ Companies Profile Directory on Nov 06, 2019
While IPVM covers the largest companies in the industry regularly (like Axis, Dahua, Hikvision, etc.), IPVM strives to do a profile post on each...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
Milestone XProtect 2019 R3 Tested on Oct 30, 2019
Milestone has had problems over the last few years releasing significant new software. Now, in XProtect 2019 R3, Milestone is touting "one search...

Most Recent Industry Reports

Video Surveillance 101 Course Opened on Dec 12, 2019
IPVM is adding a Video Surveillance 101 course, designed to help those new to the industry to quickly understand the most important terms,...
Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Hikvision DS 2nd Gen Intercom Tested on Dec 12, 2019
With its newest IP intercom, Hikvision proclaims users can 'get full control over an entrance' regardless of where it is installed, home or office...
Honeywell 30 Series Cameras Tested Vs Dahua and Hikvision on Dec 11, 2019
Honeywell has infamously OEMed Dahua and Hikvision for years, but now they have introduced an NDAA-compliant line, the 30 Series, claiming "lower...
"Good Market, Bad Business Models" - Residential Security on Dec 11, 2019
Industry banker John Mack, at his company's annual event, took aim squarely at the problems in the residential security...
IP Camera Browser Support: Who's Broken / Who Works on Dec 10, 2019
For many years, IP cameras depended on ActiveX control, whose security flaws have been known for more than a decade. The good news is that this is...
Acquisitions - Winners and Losers on Dec 10, 2019
Most major manufacturers have been acquired over the last decade. But which have been good deals or not? In this report, we analyze the...
IP Camera Installability Shootout 2019 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Dec 09, 2019
What are the best and worst cameras to install? Which manufacturers make it the hardest or easiest to install their cameras? We tested 35 total...
Viisights Raises $10 Million, Behavior Analytics Company Profile on Dec 09, 2019
Viisights, an Israeli AI analytics startup marketing "Behavioral Understanding Systems", announced $10 million Series A funding. We spoke to...
Disruptor Wyze Releases Undisruptive Smartlock on Dec 06, 2019
While Wyze has disrupted the consumer IP camera market with ~$20 cameras, its entrance into smart locks is entirely undisruptive. We have...