BreachExchange mailing list archives
Employee ID company leaves 76, 000 fingerprints exposed to hackers online along with email addresses and phone numbers
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 13 Mar 2020 09:21:42 -0500
https://www.dailymail.co.uk/sciencetech/article-8100805/Employee-ID-firm-leaves-76-000-fingerprints-exposed-online-email-addresses-phone-numbers.html Nearly 76,000 unique fingerprints were exposed online in an unprotected database bellowing to a Brazilian firm that develops fingerprint identification systems for corporations. Also in the bucket were email addresses and telephone numbers of the employees whose prints were being stored by the company Anteus Tecnolgia. The fingerprint data included ridge bifurcation and ridge ending data, both of which describe characteristics used to tell fingerprints apart. Although the information was stored as a binary data system, a string of zeros and ones, researchers who uncovered the database said cybercriminals could create a biometric image of the person’s fingerprint with the data. Nearly 76,000 unique fingerprints were exposed online in an unprotected database bellowing to a Brazilian firm that develops fingerprint identification systems for corporations The discovery was made by security researchers at Safety Detectives who access the database containing 16 gigabytes of information that included highly sensitive information related to identification and biometric details- but has since been secured, as first reported on by CNET. The bucket belongs to Antheus Tecnologia, which develops and distributes Automated Fingerprint Identification Systems (AFIS), automated fingerprinting and other systems such as iris recognition devices. World's biggest gaming conference E3 is cancelled three...New EU rules that could mark the end of 'throwaway culture'... And the firm claims to be the first Brazilian company to be certified by the US Federal Bureau of Investigation (FBI) and develops biometric solutions for domestic and overseas clients. Security Detectives found more than 81.5 million records that contained employee emails and telephone numbers, along with the 76,000 fingerprints. Although the information was stored as a binary data system, a string of zeros and ones, researchers who uncovered the database said cybercriminals could create a biometric image of the person’s fingerprint with the data ‘The unsecured method in which Antheus Tecnologia stores information is rather alarming considering its importance. It’s even more alarming that Antheus Tecnologia was built and deployed by a security company,’ Security Detectives. ‘Instead of saving a hash of the fingerprint (that cannot be reverse-engineered), Antheus is saving people’s actual fingerprints through rudimentary encoding which can then be replicated for malicious purposes.’ The team explained that bad actors could use the information left unprotected to commit illegal and dangerous activities such as gaining access to restricted or classified information, extortion, phishing attacks and more. The discovery was made by security researchers at Safety Detectives who access the database containing 16 gigabytes of information that included highly sensitive information related to identification and biometric details- but has since been secured ‘Data breaches relating to fingerprint data is particularly concerning because of the inherent inability for users to refresh their security information,’ researchers share. ‘Given current consumer and professional trends, fingerprints are replacing typed passwords in many consumer goods such as phones and laptops.’ ‘Most fingerprint scanners on consumer goods are encrypted, so when a hacker develops technology to replicate your fingerprint, they could gain access to all the private information such as messages, photos and payment methods stored on your device.’ _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Employee ID company leaves 76, 000 fingerprints exposed to hackers online along with email addresses and phone numbers Destry Winant (Mar 13)