New Delhi: A major data breach has been reported that exposed biometric information like facial recognition records, fingerprints, log data and personal information like passwords of millions of people on “a publicly accessible database”.
Israeli researchers Noam Rotem and Ran Locar, working with vpnMentor, discovered that the user information comprised 27.8 million records, totalling 23 gigabytes of data, which was publicly accessible simply by manipulating the URL search criteria.
The researchers told The Guardian that the biometric data on Suprema’s web-based Biostar 2 platform was mostly “unprotected” and “unencrypted”, and hence manipulating it was a simple task.
The Biostar 2 biometric platform is used by the UK Metropolitan Police, defence contractors, and banks. The security platform also touts itself as a ‘global powerhouse’ in dealing with ‘biometrics, security and identity solutions’.
The researchers also said that not only were the breachers able to find admin passwords in plain text, but they were also able to change the data and add new users to the existing records.
Although the vulnerability has been fixed, the scale of the breach was alarming as the service is in 1.5 million locations across the world.