A controversial facial recognition company has just informed its customers of a data breach in which its entire client list was stolen.
Clearview AI leapt to fame in January when a New York Times report claimed that the start-up had scraped up to three billion images from social media sites to add to its database.
That makes it a useful resource for its law enforcement clients, which can query images they capture against the trove. The FBI’s own database is said to contain little more than 600 million images.
Now those clients have been exposed after an unauthorized intruder managed to access the Clearview AI’s entire customer list, the number of user accounts those companies have set up, and the number of searches they’ve carried out. However, they apparently didn’t get hold of client search histories.
Interestingly, the firm claimed that its own servers, systems and network weren’t compromised.
In a statement sent to The Daily Beast, company attorney, Tor Ekeland, claimed that security is the firm’s top priority.
“Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security,” he added.
Clearview AI is coming under increasing pressure from privacy activists and social media companies.
The latter have reportedly demanded the firm “cease and desist” from its web scraping activity as it breaches their terms of service, although the firm claims it is a First Amendment right to collect publicly available photos.
The firm has also been forced to deny rumors that consumers could also use its service to find out personal information including address details of people whose images they possess.
Tim Mackey, principal security strategist within the Synopsys CyRC (Cybersecurity Research Center), argued that cyber-criminals will now view compromise of Clearview AI’s systems as a priority.
“I would encourage Clearview AI to provide a detailed report covering the timeline and nature of the attack. While it may well be that the attack method is patched, it also is equally likely that the attack pattern is not unique and can point to a class of attack others should be protecting against,” he added.
“Clearview AI possesses a target for cyber-criminals on many levels, and is often the case digital privacy laws lag technology innovation. This attack now presents an opportunity for Clearview AI to become a leader in digital privacy as it pursues its business model based on facial recognition technologies.”