‘Data breaches are part of life?’ Theft of list from MASSIVE privacy-annihilating facial recognition database downplayed by firm

Facial-recognition tool Clearview AI has had its client list stolen, though the secretive corporation, which boasts billions of scraped photos in its archive, insists no servers were breached and that the security flaw is fixed.

The hacker “gained unauthorized access” to Clearview’s customer list, the shadowy firm told customers on Wednesday in an email obtained by the Daily Beast, explaining that the intruder had accessed the number of user accounts set up by those customers as well as the number of searches they’d conducted. Clearview hastened to add that there had been “no compromise of Clearview’s systems or network,” claiming it had fixed the vulnerability (which was apparently not in its systems or network) and that its law enforcement customers’ search histories were safe.

“Data breaches are part of life in the 21st century,” Tor Ekeland, a lawyer for the company, told the Beast defensively, insisting “our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

Despite the company’s efforts to downplay the breach, it nevertheless unsettled a security expert to whom the outlet spoke. “If you’re a law enforcement agency, it’s a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don’t,” Aspen Cybersecurity Group Managing Director David Forscey said.

Knowing who does have access to that treasure trove would in theory allow the hackers to choose a target with lax security and crack their systems to gain access to the tantalizing database. Over 600 federal and state law enforcement agencies have signed up with Clearview in the past year, according to the New York Times, which published a feature on the company last month unequivocally titled “This company might end privacy as we know it.” Beyond that, “at least a handful of companies” in the private sector, including banks, also have the app “for security purposes.”

Clearview was credulously described by the Times as the brainchild of an “Australian techie and onetime model” who, with the help of a former aide to former New York mayor Rudolph Giuliani and the financial backing of Big Tech bogeyman Peter Thiel, managed to devise an image-scraping system that has slurped up over three billion images from across social media platforms and the wider internet, cross-referenced them, and fed the results into a facial recognition app. It even has the capability to interface with augmented-reality goggles, though founder Hoan Ton-That insisted he had “no plans” to release that feature.

Twitter’s policies supposedly ban the use of platform data for facial recognition, and YouTube, Facebook, Instagram, and Venmo told the Times their own policies prohibit image-scraping of the sort Clearview does, but those three billion-plus images made it into the app, where they will remain even if the originals are deleted. The Times feature triggered cease-and-desist letters from Twitter, Google, and Facebook, and a handful of states, including New Jersey, enacted a moratorium on use of the app pending further investigation.

Back in January, the Times wrote that “Clearview’s app carries extra risks because law enforcement agencies are uploading sensitive photos to the servers of a company whose ability to protect its data is untested.” Just over a month later, it seems that ability is somewhat below par. Ton-That told CNN earlier this month that he’s merely trying to build a “great American company,” insisting the technology is only for solving crimes and saving children and that he’d never sell it to “Iran, Russia, or China.” One can only guess now which of the three this hack will be blamed on.

Like this story? Share it with a friend!