A controversial facial recognition startup that scrapes the internet for billions of pictures for law enforcement agencies has had its entire client list stolen in a major data breach.
Clearview AI said the compromised information includes the number of searchers its customers have made and how many accounts they control.
“Security is Clearview’s top priority. Unfortunately, data breaches are part of life in the 21st century,” the firm’s lawyer Tor Ekeland said in a statement.
“Our servers were never accessed. We patched the flaw and continue to work to strengthen our security.”
A notification sent to customers said an intruder “gained unauthorised access” to the client list, according to The Daily Beast, who first reported the breach.
The company has previously raised privacy concerns after it was revealed that it trawls through pictures posted to Facebook and other popular sites to build a vast database of faces.
An investigation by The New York Times in January reported that the company’s database contained more than 3 billion images. Clients with access to the database include police departments across the US and Canada.
Security experts have called on Clearview AI to provide a detailed report covering the timeline and nature of the attack, due to the sensitive data the company deals with.
“The nature of Clearview AI’s business makes this type of attack particularly problematic,” Tim Mackey, principal security strategist with cyber security firm Synopsys, told The Independent.
“Facial recognition systems have evolved to the point where they can rapidly identify an individual, but combining facial recognition data with data from other sources like social media enables a face to be placed in a context which in turn can enable detailed user profiling – all without explicit consent from the person who's face is being tracked.”