Hacked CCTV videos from a maternity hospital in India have been sold on Telegram, police say, raising serious questions about privacy and security in a country where such cameras have become commonplace.
Earlier this year, police in Gujarat state were alerted by the media to videos on YouTube - some showed pregnant women undergoing medical exams and receiving injections in their buttocks - in a maternity hospital in a city.
The videos had a link directing viewers to Telegram channels to buy longer videos.
The director of the hospital told the BBC that the cameras had been installed for the safety of doctors. The BBC is not naming the city or hospital to protect the identity of the women in the videos. None of them have filed a police complaint.
Police say their investigation uncovered a massive cybercrime racket where sensitive footage from at least 50,000 CCTVs from across the country was stolen by hackers and sold on the internet.
CCTVs have become ubiquitous in India, especially in urban areas, installed in malls, offices, hospitals, schools, private apartment complexes, and even inside people's homes.
Experts warn that while CCTV boosts security, poorly installed or managed systems can threaten privacy. In India, cameras are often handled by staff without cybersecurity training, and some domestically manufactured models are reportedly easily exploitable.
In 2018, a tech worker in Bengaluru city said that his webcam was hacked, and that the hacker demanded payment in exchange for not sharing his private videos. In 2023, a YouTuber reportedly found out that his home CCTV had been hacked after private videos went viral.
Last year, the federal government asked states to not procure CCTVs from suppliers with a history of security data breaches and also introduced new rules to improve the cybersecurity of CCTV cameras. But hacking incidents like these are still reported.
In Gujarat, police say they discovered a network of individuals spread across the country who were hacking into the video surveillance systems - or CCTV systems - of hospitals, schools, colleges, corporate offices, and even the bedrooms of private individuals in multiple states.
Hardik Makadiya, Gujarat's top cybercrime official, says videos were sold for 800–2,000 rupees ($9-22; £7-17), with Telegram channels offering live CCTV feeds via subscription.
Police have registered a case under various sections of the law, including violating a female patient's privacy, publishing obscene material, voyeurism, and cyber terrorism - which is a non-bailable offense.
Since February, police have arrested eight people in the case - four from Maharashtra and others from Uttar Pradesh, Gujarat, Delhi, and Uttarakhand. They remain in judicial custody as the case proceeds in court.
CCTV systems are often poorly secured, making them easy targets for hackers. Mr. Bhatia suggests that organizations should implement robust passwords for their surveillance systems and conduct audits by cybersecurity professionals.
Experts and advocates emphasize that institutions must better secure their surveillance systems, especially in sensitive areas, to protect individuals' rights and privacy.
As the investigation continues, the need for reform and stricter cybersecurity measures has become increasingly evident in light of these disturbing revelations.
