Security lapse exposed Clearview AI source code

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive, and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it, and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac, and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.
 

CyberTech

The UK Information Commissioner's Office and Office of the Australian Information Commissioner (OAIC) announced on Thursday that the pair would be teaming up to conduct a joint investigation into Clearview AI.

In April, OAIC asked questions of the company and issued a notice to produce under section 44 of the Australian Privacy Act.
Two months prior, the face recognition company suffered a data breach that included its customer list, the number of accounts each customer has, and the number of searches those customers had made.

"Security is Clearview's top priority," Clearview AI attorney Tor Ekeland said at the time. "Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw and continue to work to strengthen our security."

Among the organisations named in the customer list were the Australian Federal Police and other state-based police forces in Australia.
