Fingerprint, facial recognition data of over 1 million people exposed in the UK

In a major breach of biometric systems used by the UK Metropolitan police, defence contractors, and banks, fingerprint and facial recognition information of more than 1 million people had been left exposed in a publicly accessible database. According to The Guardian, researchers found that the biometric data on Suprema’s web-based Biostar 2 platform that controls access to secure facilities, was unprotected and mostly unencrypted. [caption id=“attachment_4208113” align=“alignnone” width=“1280”]  Representational image.[/caption] The database included 27.8 million records, totalling 23 gigabytes of data. A simple manipulation of the URL search criteria not only allowed access to the data but also permitted alterations. The vulnerability has been fixed, however, the scale of the breach was alarming as the service is in 1.5 million locations across the world. The vulnerability was found by Israeli security researchers Noam Rotem and Ran Locar, who are working with vpnmentor, a service that reviews virtual private network services. Reportedly, the researchers have been looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches. “We were able to find plain-text passwords of administrator accounts,” Rotem said. “The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.” “We [were] able to change data and add new users,” he added. With inputs from ANI.