A web server belonging to Antheus Tecnologia and containing records of about 76,000 unique fingerprints was exposed on the internet, researchers said Wednesday. The unsecured data included the collected fingerprint data, as well as employee email addresses and telephone numbers.
According to Anurag Sen, the researcher who published his findings with antivirus analysis site Safety Detectives, the database has now been secured. It held close to 2.3 million data points, most of which were server access logs. The fingerprint data was processed as a stream of binary data, that is, a series of ones and zeroes. Sen added that bad actors could transform that data back into a biometric fingerprint image.
Even if attackers are not yet able to find a way to use the data for malicious purposes, that will change as technology progresses. “It might be that in the future they’ll find a way to exploit it,” Sen said. “Fingerprints are permanent throughout life.”
We didn’t get an immediate response from Antheus Tecnologia to a request for comment.
The research is a clear example of exposed databases, a growing issue that leaves confidential data open to anyone with the right IP address. As companies move internal data from their own servers into the cloud, inexperienced IT staff frequently leave web-based databases without password protection by accident. Such exposures have disclosed Peru’s national identification numbers, personal contact details stored in a U.K. marketing database, and medical histories of opioid recovery patients in the U.S. Investigators are looking for these vulnerabilities and trying to get businesses to make the data safe.
Protecting email and other online accounts with passwords isn’t the only way to keep cloud services secure. A new feature from software maker MongoDB lets database managers store encrypted cloud data. But the feature needs to be switched on and properly configured for it to work.
The fingerprint data includes ridge bifurcation and ridge ending data, the identifying characteristics used to tell fingerprints apart. Logs in the accessible cache also let researchers see which records a particular fingerprint scan is associated with. Other significant breaches of fingerprint data include the 2015 breach at the U.S. Office of Personnel Management, where hackers stole background check data on government employees, including over 1 million fingerprints.
Sen said in his report with Safety Detectives that the importance of keeping fingerprint data stored securely is growing. Academic researchers have created biometric replicas that can fool fingerprint readers in a virtual environment (they didn’t test real phones). In the future, hackers could use a high-quality fake to access private information on your mobile phone or computer, “such as texts, images, and methods of payment stored on your system,” Sen said.