Clearview AI client list hacked

The facial recognition company reportedly works with the FBI and US law enforcement

A facial recognition company that works with US law enforcement agencies has sent a notification to its customers that an "intruder" gained access to its entire client list. 

New York-based Clearview AI told The Daily Beast that the breach also included figures for client accounts and searches. 

The company gained notoriety in January after it said it harvested three million images from sites like Twitter and Facebook to power its facial recognition models.

Advertisement - Article continues below

That data is not thought to have been involved in the breach and the company said its systems and network had not been compromised.

However, its list of customers, some of which are reportedly high profile agencies such as the FBI, has been accessed.  

Related Resource

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

"Security is Clearview's top priority," the company's attorney, Tor Ekeland, told The Daily Beast. "Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security."

Clearview gained notoriety after The New York Times ran a feature about its work with law enforcement agencies and how its facial recognition models were trained on three billion images from the internet. These, it said, were harvested from social media sites, YouTube and more. Twitter, and then later Facebook, sent cease and desist letters to the company requesting it stop harvesting its user data as it violated privacy policies. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The agencies it is said to work with include the FBI and the Department of Homeland Security. An anonymous Canadian law-enforcement official told The NYTs that for investigations into sexual abuse it was "the biggest breakthrough in the last decade". 

While Clearview's attorney rightly pointed out that data breaches are a fact of modern life, the nature of its business makes this type of attack particularly problematic, according to Tim Mackey, a principal security strategist for Synopsys. 

"I would encourage Clearview to provide a detailed report covering the timeline and nature of the attack," he said. "While it may well be that the attack method is patched, it also is equally likely that the attack pattern is not unique and can point to a class of attack others should be protecting against."

According to Forrester's senior analyst Kjell Carlsson, there is a high likelihood that Clearview's client list will get into the wrong hands and we will see cities across the globe finding out that their local law enforcement agencies were testing or using Clearview. This, he fears will start a backlash. 

Advertisement - Article continues below

"We should evaluate these technologies on the basis both of ethics and efficacy and on both fronts Clearview scores poorly," he said. "There is an ethical way to do facial recognition and a non-ethical way, and Clearview very clearly chose a non-ethical way, creating a database of names, faces (and presumably other personal information) by scraping social media. Further, the little evidence on tests using Clearview suggests that it wasn't particularly effective with a high rate of false positives, relative to competitors.

"There will now be even more pressure on western tech giants not to invest in facial recognition, and it is wrong. It is far better that companies like Google, Microsoft, AWS and IBM offer facial recognition because they have the capabilities to do it well and the reputational-risk to ensure that it is done as ethically as possible versus companies like Clearview who can operate in the dark until a scandal brings them to the public attention."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Most Popular

Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020