A cybersecurity company hired to protect corporate networks was hacked in April 2026 - not through sophisticated malware, but because its administrator accounts had no multi-factor authentication. The BePrime breach exposed live surveillance camera feeds at some of Latin America's largest corporations, including Iberdrola, ArcelorMittal, and Alsea, the operator of Starbucks and Domino's restaurants across the region.
12.6 GB Leaked, 1,858 Devices Compromised
A threat actor known as "dylanmarly" breached BePrime, a cybersecurity and network connectivity firm headquartered in Nuevo Leon, Mexico, on April 20, 2026. The attacker leaked over 12.6 GB of data including API keys, network configurations, and administrative credentials. From there, they took control of 1,858 network devices - switches, routers, and access points - affecting more than 2,600 connected endpoints across BePrime's client base.
The Attack Vector: No MFA on Admin Accounts
The entry point was not a zero-day exploit or an advanced persistent threat. BePrime's privileged administrator accounts had no multi-factor authentication enabled. The attacker simply logged in. This is one of the most basic failures in cybersecurity hygiene - and in this case, it gave a single individual full access to the networks of dozens of major corporate clients simultaneously.
Live Camera Feeds Exposed in Real Time
BePrime managed Cisco Meraki Vision surveillance systems for its clients. Once inside the network, the attacker obtained the API keys needed to access the Meraki dashboard. Screenshots published as proof showed live camera feeds actively monitoring office workspaces and facilities at client locations. Employees at Iberdrola, ArcelorMittal, Whirlpool, and Alsea were being watched in real time - by an unauthorized third party who had walked through an unlocked door.
Supply Chain Risk: One Breach, Many Victims
The affected clients include major multinationals: Iberdrola (global energy), ArcelorMittal (world's largest steelmaker), Whirlpool, and Alsea - the Latin American operator behind Starbucks, Domino's Pizza, and Vips restaurants. Each trusted BePrime to manage critical network infrastructure. One breach at the provider level simultaneously compromised all of them. This is the core risk of supply chain security: a single weak link at a managed service provider can expose an entire ecosystem of clients, none of whom made any security mistake themselves.
The Response: Legal Threats Against Journalists
When investigative journalists reported on the breach, BePrime did not respond with transparency or prompt client notification. Instead, the company threatened legal action against the reporters covering the story. This reaction - silencing media coverage rather than addressing the vulnerability - is itself a warning sign about how the company handles the sensitive security responsibilities its clients have entrusted to it.
