Many big names have been involved in data breach controversies over the last few months. Unfortunately, the list does not end there: a new data breach has exposed the biometric data of millions of people online.
The report suggests that a publicly accessible database leaked personal information, log data, login credentials, fingerprints, and facial recognition records of more than one million people. In detail, the data is estimated at 23 gigabytes and contained 27.8 million records belonging to users of the Biostar 2 security platform.
“More than 5,700 organisations in 83 countries” are currently using the Biostar 2 security system. The system is used by police, banks, commercial buildings and governments to provide controlled access in the UAE, India, the UK, Japan, and the USA.
Needless to say, anyone who gained access to the database could easily change usernames and passwords to get into facilities secured by Biostar 2. The security researchers stated in an interview with the Guardian:
“We were able to find plain-text passwords of administrator accounts. The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility.”
The researchers further confirmed that they were successful in an attempt to modify the data and add new users to the database.
Although security experts are still estimating the damage, we can already imagine the impact of this breach. Attackers could manipulate the system to change logs and user data, remove and add users, edit account information and more. Moreover, the fact that they can steal biometric information and abuse it for illegal purposes cannot be overstated. A user's username and password can be replaced, but their fingerprints will always remain the same.
Luckily, the security flaw has now been fixed, but it remains to be seen how many malicious actors accessed the unsecured database in the first place. According to the researchers, Suprema didn’t respond when they initially reported the vulnerability. This clearly means that the impact could have been limited if the company had taken the necessary action in time.
If your organization is among the affected companies, it is highly recommended that you change the login credentials of your Biostar 2 dashboard. Furthermore, all users in your organization should change their passwords as a precautionary measure.