Clearview AI loses entire database of faceprint-buying clients to hackers
Clearview AI, the controversial facial recognition startup that's gobbled up more than three billion of our photos by scraping social media sites and any other publicly accessible nook and cranny it can find, has lost its entire list of clients to hackers – including details about its many law enforcement clients.
In a notification that The Daily Beast reviewed, the company told its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts they've set up, and to the number of searches they've run.
The disclosure also claimed that Clearview's servers hadn't been breached and that there was “no compromise of Clearview's systems or network.” The company said that it's patched the unspecified hole that let the intruder in, and that whoever it was didn't manage to get their hands on customers' search histories.
Tor Ekeland, an attorney for Clearview, sent a statement to news outlets saying that breaches are just a fact of life nowadays:
Security is Clearview's top priority. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.
Clearview, which has sold access to its gargantuan faceprint database to hundreds of law enforcement agencies, first came to the public's attention in January when the New York Times ran a front-page article suggesting that the “secretive company […] might end privacy as we know it.”
In its exposé, the Times revealed that Clearview has quietly sold access to faceprints and facial recognition software to more than 600 law enforcement agencies across the US, claiming that it can identify a person based on a single photo, reveal their real name and far more.
Within a few weeks of the Times article, Clearview found itself being sued in a potential class action lawsuit that claims the company amassed the photos out of “pure greed” to sell to law enforcement, thereby violating the nation's strictest biometrics privacy law – the Biometric Information Privacy Act (BIPA).
Among the many online sources that Clearview has scraped to get all the biometric data it's selling (or giving away), Twitter, Facebook, Google and YouTube have ordered the company to stop its scraping – a practice that violates the social media giants' policies.