More than 40,000 internet-connected cameras worldwide are streaming live video without any security protections, according to a new study by cybersecurity firm BitSight. The exposed feeds come from a range of locations, including homes, hospitals, offices, and factories.

According to BitSight, the United States leads all countries with approximately 14,000 unsecured cameras, many located in sensitive sites such as data centers and healthcare facilities. 

Japan, Austria, Czechia, and South Korea rank just behind the U.S. on the list of 193 countries with identified unsecured cameras.

BitSight researchers warned that such access could be exploited for espionage, criminal planning, or corporate theft. “It should be obvious to everyone that leaving a camera exposed on the internet is a bad idea,” BitSight said.

BitSight’s João Cruz emphasized that many of these cameras do not require hacking to view. “In most cases, a regular web browser and a curious mind are all it takes,” he said. “That 40,000 number is probably just the tip of the iceberg.”

BitSight urges users to secure their cameras by changing any default passwords, checking for exposure using tools like Shodan.io, and following the product manual’s protection guidelines. If a camera does not need to be online, disconnecting it from the internet is the safest way to reduce risk, they said.

BitSight also advised organizations managing security cameras to restrict access using firewalls and VPNs, ensuring that only authorized personnel can view the feeds and blocking connections from untrusted sources. 

They emphasized the importance of monitoring for unusual activity by setting up alerts for unexpected login attempts or other suspicious behavior.