Bad news for the controversial facial recognition startup Clearview AI, hackers gained “unauthorized access” to a list of all of its customers. 

The controversial facial-recognition company that contracts with law-enforcement agencies announced that attackers have gained unauthorized access to its entire client list. The company already informed its customers of the security breach.

The startup came under scrutiny after media reported that it had scraped more than 3 billion photos from social media (Facebook, YouTube, and Twitter) for facial recognition purposes.

The company has been hit with class-action lawsuits by American citizens, but the company refused any accusation remarking that it was authorized by the First Amendment to scrape public data.

“In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.” reported the Daily Beast that had access to the notification sent by the company to the customers.

The company pointed out that its servers and its network were not breached by the attackers. The startup also announced to have fixed the vulnerability that allowed the attackers to access the client list, the good news is that attackers did not obtain any law-enforcement agencies’ search histories.

Stolen records include customer names, the user accounts that the customers had set up, and the number of searches that they ran.

“Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security,” said Tor Eklund, an attorney representing the company.

Pierluigi Paganini