The 23-GB Elasticsearch archive was discovered earlier in August. Data contained in the database were collected from
Data was collected by the UK Metropolitan Police, small local businesses and governments globally.
“The data leaked in the breach is of a highly sensitive nature. It includes detailed personal information of employees and unencrypted usernames and passwords, giving hackers access to user accounts and permissions at facilities using BioStar 2,” reads the post published by vpnMentor. “Malicious agents could use this to hack into secure facilities and manipulate their security protocols for criminal activities.”
The archive included 27.8 million records that also contained sensitive data such as employee home addresses and emails, employee records, security levels and more.
The leak affected several organizations worldwide. Some examples of the impacted businesses included:
Scammers could perform various fraudulent activities by combining users’ fingerprint records with personal details, usernames, and passwords.
One of the most disconcerting issues of this case is that biometric data was stored in plain text.
At the time, it is not possible to determine whether the archive has been accessed by third parties. Below is the timeline shared by
Experts pointed out that BioStar 2 was very uncooperative,
“Facial recognition and fingerprint information cannot be changed. Once they are stolen, it can’t be undone. The unsecured manner in which BioStar 2 stores this information is worrying, considering its importance, and the fact that BioStar 2 is built by a security company,” concludes vpnMentor.
“Instead of saving a hash of the fingerprint (that can’t be reverse-engineered) they are saving people’s actual fingerprints that can be copied for malicious purposes.
Putting all the data found in the leak together, criminals of all kinds could use this information for varied illegal and dangerous activities.”