Techrecipe

28 million biometric records were leaked

vpnMentor, an Israeli VPN surveillance service company, has revealed a massive data breach at the security service BioStar 2. The leaked data is said to contain over 27 million records, including unencrypted IDs and passwords as well as the fingerprints and face photos used for biometric authentication.

BioStar 2, the service in which the leak was found, is a security service provided by Suprema to 1.5 million facilities around the world, including government agencies, banks, universities, defense industry companies, police, and multinational corporations. Suprema is ranked among the top 50 companies in the world in the security field and holds the No. 1 market share for biometric authentication services in Europe, the Middle East, and Africa.

In July, Suprema began expanding its database by integrating AEOS, an access control system used in 5,700 facilities in 83 countries, with the BioStar 2 system. vpnMentor accidentally discovered that, among Suprema's other projects, the BioStar 2 database was stored on the open Internet in an unencrypted state. It could easily be viewed with a web browser, which exposed information such as user IDs, passwords, and user names, as well as the analysis console of Elasticsearch, the open source software used to build the database.

The database holds more than 27.8 million records, 23 GB in total. It includes clients' fingerprint and facial recognition data, face photos, user names, passwords, access records, personal information such as employee addresses and e-mail addresses, and mobile device operating system information. vpnMentor decided to disclose, as examples, some of the companies affected by the leak.

vpnMentor confirmed the problem on August 5th and notified Suprema by e-mail, but it is said that several e-mails went unanswered. The database was eventually shut down with the support of the French branch, but action was only taken on August 13th, more than a week after vpnMentor discovered the problem.

vpnMentor said that if the company behind BioStar 2 had taken basic security measures, such a leak could easily have been avoided. It also pointed out the possibility that the database has already fallen into the hands of malicious hackers, and recommended that victims and users take quick action. Related information can be found here.