Facial Recognition Company Hacked

Clearview AI, that works with the US law enforcement community with its facial recognition software, has had a hacker exploit a security flaw and steal its entire client list. The company , whose database has collected over 3 billion photos has suffered a data breach. 

The data stolen in the hack included the firm’s entire customer list, which will include multiple law enforcement agencies, along with information such as the number of searches they had made and how many accounts they’d set up. Clearview AI say the huge database of images was not part of the breach.
 
The exact nature and source of the breach remains unknown at this time. The company says it’s patched the vulnerability and insists its servers were not accessed. Based on the sensitive nature of its work, there’s plenty of reason for concern. Clearview says it works with law enforcement agencies and the company claims that not only does its clientele include hundreds of police stations, it also services the FBI and DHS. A leaked list of Clearview AI’s clients shows that the controversial company’s facial recognition software has spread way beyond law enforcement, into household names. 

Clearview claims to have scraped more than three billion images from websites and social media platforms into a database that police can use to match with photos of suspects.

They include retailers (Walmart, Kohl’s, BestBuy and Macy’s); banks (Wells Fargo and Bank of America), sports leagues (the NBA); entertainment venues (Madison Square Garden), mobile carriers (AT&T, Verizon, and T-Mobile); casinos (Las Vegas Sands and Pechanga Resort Casino); gyms (Equinox); ticketing platforms (Eventbrite); and cryptocurrency exchanges (Coinbase).

Clearview’s focus on law enforcement would suggest that other companies would find similar security uses, such as identifying shoplifters in stores and potential trouble-makers at basketball games. But this could quickly lead to the unconsented profiling of innocent consumers and passersby.

Clearview’s system, the company says, is “an after-the-fact research tool. Clearview is not a surveillance system and is not built like one. For example, analysts upload images from crime scenes and compare them to publicly available images.”

In doing so, it says, it has the power to help its clients, which include police departments, ICE, Macy’s, Walmart, and the FBI, says a recent Buzzfeed report to stop criminals: “Clearview helps to identify child molesters, murderers, suspected terrorists, and other dangerous people quickly, accurately, and reliably to keep our families and communities safe.”

Clearview AI hit the news recently when the New York Times detailed how the company’s facial recognition program had scraped sources including Facebook and Twitter to build its massive database. 

If you live in California, under the rules of the newly enacted California Consumer Privacy Act, you can see what Clearview has gathered on you, and request that they stop it.

Buzzfeed:      Coindesk:     The Next Web:       Forbes:    

You Might Also Read:

AI Will Find You In The Crowd:

 

« The Hot Jobs In Cyber Security & How To Get One
Cyber Criminals Target UK Motorists »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

CERT-GOV-MD

CERT-GOV-MD

CERT-GOV-MD is the national Computer Emergency Response Team for Moldova.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

AppGate

AppGate

AppGate brings together a set of differentiated cloud- and hybrid-ready security and analytics products and services.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.