Facial recognition firm Clearview AI reveals intruders stole its client list

Source https://www.liberties.eu/en/stories/facial-recognition-clue-article/15661

Bad news for the controversial facial recognition startup Clearview AI, hackers gained “unauthorized access” to a list of all of its customers.

The controversial facial-recognition company that contracts with law-enforcement agencies announced that attackers have gained unauthorized access to its entire client list. The company already informed its customers of the security breach.

The startup came under scrutiny after media reported that it had scraped more than 3 billion photos from social media (Facebook, YouTube, and Twitter) for facial recognition purposes.

The company has been hit with class-action lawsuits by American citizens, but the company refused any accusation remarking that it was authorized by the First Amendment to scrape public data.

“In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.” reported the Daily Beast that had access to the notification sent by the company to the customers.

The company pointed out that its servers and its network were not breached by the attackers. The startup also announced to have fixed the vulnerability that allowed the attackers to access the client list, the good news is that attackers did not obtain any law-enforcement agencies’ search histories.

Stolen records include customer names, the user accounts that the customers had set up, and the number of searches that they ran.

“Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security,” said Tor Eklund, an attorney representing the company.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs –hacking, Clearview AI)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.