In a familiar refrain, a cloud data bucket was left open, but this time the stakes were high – a misconfigured server exposed the source code, copies of its facial recognition apps as well as private data at controversial startup Clearview AI, which gained unwanted notoriety earlier this year for obtaining billions of photos by scraping the internet for use by law enforcement agencies.
Although the database was password protected SpiderSilk CSO Mossab Hussein discovered that anyone could register to access the system.
“Clearview AI’s cloud data buckets were left vulnerable, and unfortunately, these oversights caused their facial recognition apps and private data to be left open on the internet for anyone to access,” said James Carder, chief security officer and vice president, who noted the exposure is a result of “bad IT practice with lax security controls” that didn’t provide for monitoring and alerting. “Additionally, thousands of videos from a residential building were left open on the server, a violation of privacy and potential danger to those on camera.”
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.