SolarWind and its owner, SunEdison Inc., said Friday it has patched a security hole in the solar power firm’s system that allowed hackers to upload malicious photos and videos of its staff and customers.
The incident came about in late December after SolarWind employees and customers noticed that the company was not uploading its files regularly, according to a company statement.
The company said it has fixed the problem.
SolarWind was one of the first companies to offer solar power as a service to consumers last year and has since expanded into the residential market.
SolarWind said it discovered the vulnerability by looking at photos of its customers, including the solar panels on homes and businesses, as well as photos posted on social media by other companies that are similar to SolarWind’s solar panels.
In an interview with Bloomberg, SolarWind CEO Steve Hackearsen said he believes the hack to be a case of a security vulnerability.
Hackel said that, in addition to uploading the photos, the company had also uploaded a video showing customers interacting with the company’s solar power system.
Hackearksen said that he did not think there was anything that was nefarious about the photos.
Solarwind’s video and photos were posted on the company website on December 5, 2016.
Solarwind said the company has a zero-day vulnerability and it was notified by the security vendor in mid-January.
Solar Wind said it is working with the security firm to determine how to patch the flaw.
The company’s security director, Mark Johnson, said the flaw was not particularly serious, but he warned that security experts should be aware of the vulnerability.
He said that the photos and video were taken from inside a residential solar power installation and that the images are likely more representative of real-world solar installations.
“This is not something that we would have had in our previous installations,” Johnson said.
“We have never seen anything like this.
We were aware of it, and we have made a concerted effort to mitigate it.”
SolarWind’s security chief said he was confident the company will be able to patch it.
The firm said it will begin sending out notification emails to customers to notify them that it has found the issue.
Johnson said that it is likely that other companies will use the same flaw in the future.
Solar Wind, based in Menlo Park, Calif., was founded in 2008 and has more than 70,000 customers.
It was acquired by the California Public Utilities Commission in June, after the utility commission was sued by SolarWind for failing to protect its customers’ data.
Solar wind customers also include utility companies in New Jersey, Maryland and Washington state.