IT experts have found a gigantic database of biometric data on the Internet. You had access in more than 28 million records: fingerprints and facial photos, unencrypted user names, passwords and security clearances. Much of the data has not even been encrypted.
The Data Comes From The Biostar 2 Platform
A huge database of the Suprema company with the highly sensitive information was unprotected and unencrypted on the Internet for a longer period of time. Among them are said to be around a million fingerprints. As the IT security experts reported from the VpnMentor website, the data comes from the Biostar 2 platform of the Korean company. Suprema claims to be the market leader in biometric access control systems in Europe. Biometric technology from Suprema is also in Samsung smartphones. VpnMentor compares VPN software that enables anonymized connections to the network.
Biostar 2 is a web platform for intelligent door locks, with which companies can organize access control for their offices or warehouses themselves: only those who are allowed in can also come in. The working time can also be recorded. So that the system recognizes employees, fingerprints become face scans. According to the Guardian, defense companies and banks also use Biostar 2.Among the companies whose data is said to be affected by the open Suprema database were co-working offices in the United States and a fitness chain in India. The company sells and installs access systems, also from Suprema. Managing Director cannot explain how the name of his company should have ended up in the database: “We don’t use these products at all, we only sell them. Identbase sales staff only use the company’s sample cases for demonstration purposes, and Suprema has only recently become available.
Biometrics Database Affected
Large databases with user names, often email addresses and passwords are cracked or read more often because they are easily accessible over the internet. Hackers collect this information in long lists, which they then automatically release to access other websites. After all, they know that many people use the same access data several times because of laziness or ignorance. The majority of all login attempts on the internet are said to result from such hacker attacks. However, many passwords are stored in encrypted form in the databases. Above all, those affected can change passwords in the event of a data leak with a few clicks and keystrokes – biometric features such as eyes, fingerprints and faces.
IT security researcher at virus protection provider Kaspersky, therefore warns: It is a very bad idea to exchange passwords for biometric data. If your own fingerprint lands on the network, it is burned forever. Especially since there is another danger: Identity cards can be falsified with stolen biometric data.