
Over a million users' biometric data leaked in breach

(Image credit: Flickr / AMISOM)

A huge database of biometric information on more than a million people was just sitting on the internet, unprotected, for anyone to see, as long as they knew where to look. Luckily for everyone whose data was found, it was security researchers who seem to have found the gaping hole first.

They notified the database’s owners, who have, in the meantime, patched things up.

Israeli security researchers Noam Rotem and Ran Locar, together with vpnmentor, a service that reviews virtual private network services, were scanning ports in search of familiar IP blocks. They would then use the blocks to find flaws in corporate systems which could potentially lead to a data breach.

In one such excursion, they came across the database belonging to Biostar 2, which was “unprotected and mostly unencrypted”.

The database held 27.8 million records, as well as 23 gigabytes of data, which included admin panels, dashboards, fingerprint data, facial recognition data, user photos, usernames and passwords, facility access logs, security levels, clearance, as well as staff personal details.

Biostar 2 is, among other things, part of the supply chain for the UK Metropolitan police, through a security company called Suprema.

It was said that the database wasn’t read-only. Whoever had access could also change the information found there. You could change a person’s fingerprint or photo.

Even though Suprema is yet to comment on the findings, the hole was plugged on Wednesday morning. 

The only thing that the company said, through its head of marketing, Andy Ahn, is that it will analyse the situation. Talking to The Guardian, Ahn said: “If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.