Huge data leak exposed the biometric data of MILLIONS of people

Huge data leak of system used by the police and banks has exposed the fingerprints and facial recognition scans of MILLIONS of people

  • Biostar 2 system contains facial recognition scans, fingerprints and other data
  • It is used by thousands of firms – including the police, governments and banks 
  • The extent of the leak is currently unknown, as is whether sensitive information fell into the hands of hackers

A security firm is warning millions of users that a vast data breach has exposed their biometric information – including fingerprints and facial scans. 

The private data was found on a free-to-access site and contained sensitive information on a system used by banks and the police, as well as thousands of other firms.

The extent of the leak is currently unknown, but security researchers are warning it could have devastating repercussions if the data falls into the wrong hands.

A total of 23 gigabytes of data was found to be at risk, totalling nearly 30 million records. 

WHAT IS BIOSTAR 2? 

BioStar 2 is a piece of security software which contains biometric information.

It stores sensitive data such as fingerprints, facial recognition scans and personal information. 

It is often used to access secure facilities such as office buildings or warehouses.

Suprema also provides services to a range of high-profile clients, counting banks, police departments and governments among its customer base. 

Facial recognition information, unencrypted usernames and passwords, and personal information were unearthed by Israeli security researchers Noam Rotem and Ran Locar, working with vpnMentor.

They succeeded in accessing a security tool called Biostar 2, which held all the data.

‘The access allows first of all seeing millions of users are using this system to access different locations,’ Mr Rotem told The Guardian. 

Security company Suprema owns the software at fault, which is often used to access secure facilities with fingerprints or facial recognition.

A spokesperson said: ‘If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.’ 

The exposed data was unearthed on August 5 and the firm claims it was secured yesterday. 

The reason for the delay remains unknown. 

‘We started calling all of the offices one by one and had to deal with people just hanging up the phone,’ Mr Rotem told the BBC.  

‘This could be used in a wide range of criminal activities that would be disastrous for both the businesses and organisations affected, as well as their employees or clients,’ said vpnMentor in a blog about the discovery.

Etienne Greeff, CTO of cybersecurity services and solutions provider SecureData, told MailOnline: ‘It’s one thing having your password hacked – passwords can be changed and replaced. 

‘But what happens when your biometrics are hacked? You can’t change your voice; you can’t replace your eyes and you can’t reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you.

‘Today’s Biostar 2 hack – which saw thousands of citizens’ fingerprints leaked into the ether – is a worrying warning that the security grass isn’t always greener – all methods of authentication have their strengths and weaknesses. 

‘It’s when technology is mismanaged or misused that we see these breaches and hacks cropping up regularly in media column inches.’ 

Emmanuel Schalit, CEO of digital identity company Dashlane, added: ‘If we unpick today’s Biostar 2 biometric data hack, there are a number of alarming issues to address. 

‘Firstly, the biometric data that was leaked was stored in an unencrypted cloud-based database, which goes against all primordial security practices for the storage of personal data. GDPR states that personal data must be processed in a manner that ensures appropriate security of the personal data, including against accidental loss. 

‘Suprema, the company that offers Biostar 2, has joined the ranks of those already shown to not be following these regulations.

‘Secondly, the actual contents of the breach: usernames, passwords, addresses, times of accessing secure areas, and fingerprint and facial recognition data. 

‘Some of these can be reset – passwords and usernames, for example. Some, however, like fingerprints and facial recognition data can never be changed.’