A huge cache of unsecured biometric credentials and personal information has been discovered by security researchers. Researchers working with cyber-security firm VPNMentor say they accessed data from a security tool called Biostar 2.
It is used by thousands of companies worldwide to control access to specific parts of secure facilities. More than a million fingerprints and other sensitive data have been exposed online by a biometric security firm, researchers say.
Suprema, the firm that offers Biostar 2, said it was addressing the issue.
“If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets,” a company spokesman told the Guardian.
According to VPNMentor, the exposed data, discovered on 5 August, was made private on 13 August.
It is not clear how long it was accessible.
As well as fingerprint records, the researchers say they found photographs of people, facial recognition data, names, addresses, passwords, employment history and records of when they had accessed secure areas.
