Over 27 million data records such as facial recognition profiles, fingerprints, usernames and unencrypted passwords have been found openly available on Suprema Inc's BioStar 2 biometric access control system servers. This security firm powers access control for over 1.5m installations, including governments, police and banks.
Two Israeli researchers working for a VPN company found unsecured backdoor access to this database, which is a major data breach for a security-based firm. The full report on the leak, along with sample information, can be found here:
Report: Data Breach in Biometric Security Platform Affecting Millions of Users
Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in security platform BioStar 2. ...
www.vpnmentor.com
Not only was this information accessible without credentials, but data stored within this database included unencrypted passwords for many users. It is highly likely that these passwords would be re-used elsewhere, so they could provide a treasure-trove of personal information for unscrupulous hackers.
This flaw has now been patched, but it sounds like Suprema were particularly uncooperative, if the report is to be taken at face value.