A web server containing records of about 76,000 unique Antheus Tecnologia.was left exposed on the internet, researchers said Wednesday. The unsecured fingerprint data, as well as employee email addresses and telephone numbers, had been collected by Brazilian company
The database, which contained nearly 2.3 million data points, most of which were server access logs, has now been secured, according to Anurag Sen, the researcher who published his findings with antivirus review site Safety Detectives. The fingerprint data was stored as a binary data stream, which is a string of ones and zeroes. Sen said bad actors may be able to turn that data back into a biometric image of a fingerprint.
And even if they can’t find a way to use the data for bad purposes at the moment, that will change as technology advances, Sen said.
“It might be that in the future they’ll find a way to exploit it,” Sen said. “Fingerprints are permanent throughout life.”
Antheus Tecnologia didn’t immediately respond to a request for comment.
The research is another example of, a growing problem that reveals sensitive data to anyone with the right IP address. As companies move internal data to the cloud from their own servers, inexperienced IT staff often accidentally leave the web-based databases without password protection. This has revealed the of theatergoers in Peru, the held in a UK marketing database and the medical records of in the US. Researchers and try to get companies to secure the data.
Password protection isn’t the only way to keep cloud databases safe. A new feature from software maker MongoDB lets database managerson the cloud. But for either of these approaches to work, the features have to be turned on and configured correctly.
The fingerprint data included ridge bifurcation and ridge ending data, both of which describe characteristics used to tell fingerprints apart. Logs in the exposed cache also let researchers see which records were associated with a specific fingerprint scan. Other serious exposures of fingerprint data include the breach of the US Office of Personnel Management in 2015, in which hackers stole background check data on federal employees, including more than.
In his report with Safety Detectives, Sen said the importance of keeping fingerprints securely stored is growing. Indeed, academic researchers have created biometric replicas that can fool fingerprint readers in a simulated setting (they didn’t test real phones). In the future, hackers could use a high-quality fake to access the private information on your phone or computer, Sen said, “such as messages, photos and payment methods stored on your device.”
- Colleges That Require Coronavirus Screening Tech Struggle to Say Whether It Works – The New York Times
- Colleges That Require Virus-Screening Tech Struggle to Say Whether It Works – The New York Times
- Gender Equality in Tech (GET) Cities Expands to DC to Diversify the Tech Ecosystem – Yahoo Finance
- Turkey Widens War Tech Hunt by Tapping Pakistan’s China Ties – Bloomberg
- Tech recruiting lessons in the Covid-19 era – Information Age
- Virtual tech event highlights local STEM professionals during WHAT I CAN BE! Tech Career Showcase – Herald-Mail Media
- Accenture’s Tech Push Makes It World’s Most Acquisitive Company – Bloomberg
- Tech Hosts Duke for Senior Night – Men’s Basketball — Georgia Tech Yellow Jackets – Georgia Tech Official Athletic Site
- No. 22/19 Tech set for final home game, takes on Cards – VT hokiesports.com