Researchers at a cybersecurity firm said fingerprint and facial recognition data was exposed at a major biometric company and that the potential for “fraud is massive.”
“This is a huge leak that endangers both the businesses and organizations involved, as well as their employees,” cybersecurity firm vpnMentor said in a blog post about the breach on BioStar 2, a biometric security platform built by Suprema, one of the world’s top security device and security system providers.
Biometrics uses human features such as fingerprints and faces to authenticate a person’s identity.
“Facial recognition and fingerprint information cannot be changed. Once they are stolen, it can’t be undone,” vpnMentor said.
Suprema’s BioStar 2 biometric technology is used widely. For example, it’s integrated into the AEOS access control system, used by more than 5,700 organizations in 83 countries, including some of the biggest multinational businesses, vpnMentor said in the post.
The platform overall has over 1.5 million worldwide installations and all could be vulnerable to the leak, according to vpnMentor. And the total number affected “could be in the tens of millions,” the cybersecurity firm said.
The breach was discovered on August 5 and closed by August 13, according to vpnMentor’s blog post. Initially, Suprema was not responsive when contacted, vpnMentor said in the post.
But that changed when vpnMentor contacted the French branch of the company. “Our call with the [Suprema] French branch helped speed up the process and the breach was closed a few hours after. We received an email from Suprema…thanking us for letting them know,” a vpnMentor spokesperson told Fox News in an email.
The data exposed also includes detailed personal information of employees and unencrypted usernames and passwords, giving hackers potential access to user accounts and permissions at facilities using BioStar 2.
“This leak allowed anyone in possession of this data to actually access customers’ accounts and steal the biometric records of the end users…fingerprints and pictures,” vpnMentor said in a statement sent to Fox News.
One of the things that surprised vpnMentor was how unsecured the account passwords were. “Plenty of accounts had ridiculously simple passwords, like ‘Password’ and ‘abcd1234.’ It’s difficult to imagine that people still don’t realize how easy this makes it for a hacker to access their account,” the cybersecurity firm said in the blog post.
Fox News has reached out to Suprema with a request for comment on this story.