BioStar 2 Exposes 28 Million Biometric Records | Avast

During a routine web-mapping project, cybersecurity researchers found that large chunks of a massive database belonging to biometric security platform BioStar 2 were unencrypted and unsecured. Dark Reading reported that the researchers discovered 23 GB of leaked data comprising 27.8 million records, including fingerprints, facial recognition data, usernames, passwords, permissions, employee records, and more.

BioStar 2 is used around the globe at over 5,700 institutions such as governments, banks, businesses, and police stations to control access to high-security areas. Identifying users through facial recognition and fingerprint scanning, BioStar stores biometric information that can never be modified – users can change their passwords, but not their fingerprints.

Avast Security Evangelist Luis Corrons said, “This is not just another case of negligence in the protection of sensitive information. This company works on security, and the problem is not only that the data was in the open for anyone to read. The researchers who discovered the issue could also change the vulnerable information. Even worse, the information was unencrypted, which shows the lack of security protocols in place.”

The researchers brought the leaked info to the attention of Suprema, parent company to BioStar, and the database was secured on August 13.
