User data leakage is oneof the most serious problems of modern high-tech companies. A recent scandal over Facebook, for example, has caused the company multibillion-dollar losses. However, for the victims themselves, whose data has “gone” to the network, many questions arise. If passwords and logins can be changed, then fingerprints or a face scan cannot be changed. Recently it became known about the largest in the history of biometric data leakage of over one million people living in almost 100 countries of the world.
Company vpnMentor (Israel) specializingon cyber security reported an Internet leak, Suprema's database. Personal biometric data, including fingerprints, photographs and other identification information for more than a million users, have been merged into the public domain. It is noteworthy that the network got data from employees of banks and police in the UK.
Identity usedBiostar 2 platform, which was created for the operation of biometric locks from office and bank premises. The amount of information is huge - almost 27.8 million text documents and 23 GB of information files. According to Suprema, the Biostar 2 platform was integrated into the AEOS access control system, which unites 5.7 thousand enterprises from 83 countries, including government agencies.
Data Discovered by ExpertsvpnMentor companies were stored in unencrypted form, which allowed criminals to make adjustments to the database and replace photos or fingerprints of users. Immediately after the leak was discovered, the problem was reported to Supreme, which quickly eliminated the vulnerability.