Major security flaw exposes fingerprints of more than 1 million people

Another day, another data breach
By Marcus Gilmer on
Another breach exposed millions of pieces of data, including fingerprints and passwords of over a million users. Credit: Alexander Supertramp / SHUTTERSTOCK

Exposed passwords are bad enough. But fingerprint and facial recognition data? That’s terrifying.

Suprema's Biostar 2 biometric security system came under scrutiny after vpnMentor and two researchers -- Noam Rotem and Ran Locar -- uncovered a major flaw that exposed the biometric data of more than 1 million people, according to The Guardian.

Biostar 2 is a security platform that, in part, utilizes facial recognition and fingerprints to control access to buildings and other secure facilities. Making the potential breach even worse: Biostar 2 was recently integrated into Nedap's AEOS security platform, which is used for security by thousands of companies and organizations in more than 80 countries.

The researchers said the database was not only unencrypted but could be accessed simply by tweaking URL search criteria in Elasticsearch, the search and analytics engine it ran on. And it contained a lot of data.


The Guardian reported that the researchers "had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff."

According to vpnMentor, the exposed data was discovered on Aug. 5, 2019. Two days later, they notified Biostar 2 of the issue, and by Aug. 13 the database had been made private. It's not known how long all of that information was accessible, or whether anyone, particularly bad actors, had gained access to the database.

What's more, vpnMentor reports that Biostar's office was "generally very uncooperative."

Among the U.S.-based businesses the researchers were able to access data for: co-working space Union and medical supply company Phoenix Medical. But The Guardian notes that organizations that are part of AEOS include "governments, banks and the UK Metropolitan police."

We've reached out to Suprema for additional comment but, for now, you can continue to rest, uh, uneasily knowing that your data will never be fully secure.

Marcus Gilmer

Marcus Gilmer is Mashable's Assistant Real-Times News Editor on the West Coast, reporting on breaking news from his location in San Francisco. An Alabama native, Marcus earned his BA from Birmingham-Southern College and his MFA in Communications from the University of New Orleans. Marcus has previously worked for Chicagoist, The A.V. Club, the Chicago Sun-Times and the San Francisco Chronicle.
