The startup came under scrutiny after it emerged that it had amassed 3 billion photos from social media for its facial recognition software.
The controversial facial recognition company Clearview AI has notified its customers that a bad actor had “gained unauthorized access” to its entire customer list, which includes some of the most powerful law enforcement agencies in the United States. According to the notification obtained by the Daily Beast, the stolen information includes customer names, the user accounts that the customers had set up, and even the number of searches that they ran through the service.
Details are rather sparse about the nature of the incident and it’s not immediately clear how it unfolded. Interestingly enough, however, Clearview AI denied that it had suffered a breach of its own servers.
“Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security,” Tor Eklund, an attorney representing the company, was quoted as saying.
The startup also gave assurances that the bad actors weren’t able to gain access to the search histories of any of the law-enforcement agencies using the system. Apparently, the image database was not accessed, either.
ESET Security Specialist Jake Moore shared his expert opinion on the matter: “Data breaches might be part of life in the 21st century but we need to make sure the severity is kept to a minimum and the data exposed is heavily encrypted. Any data breach is serious and should not be taken lightly. If the data exposed had included faces, it would have taken this to the next level.”
“Companies which hold extremely sensitive data such as facial identities need to understand they are a higher profile risk and need even more layers of protection to thwart these inevitable attacks,” he added.
Facial recognition is a hotly discussed topic, especially due to the underlying privacy concerns and the potential for misuse of the technology. San Francisco, for one, was the first city in the United States to ban its use by law enforcement and local agencies. Meanwhile, the European Union mulled a temporary ban on the use of the technology in public places, but eventually backtracked on the idea.