Someone stole the client list of a somewhat obscure company called Clearview AI. While that might not seem like much, the company was recently in the news for all the wrong reasons – it claims that it scrapes the Internet for public images to use for facial recognition, to then sell that data to law enforcement.
Clearview AI would not be the first company to try to sell data to police, but the suspicious part is that nobody knows who actually gets access to their data. And the company has yet to make any statement regarding their client list, with the exception of a small “trust us” blog post.
According to a Daily Beast report,
Clearview AI notified its clients that an intruder accessed a list of
customers. It said the servers and infrastructure remain untouched, but that
doesn’t seem to have been the goal of the presumptive attacker.
The company avoided the word “hacker”
and only referred to someone gaining “unauthorized access.” The vulnerability
was fixed and whoever got the client list had no access to the law-enforcement
agencies’ search histories.
“Security is Clearview’s top priority,” company
attorney Tor Ekeland told The Daily Beast. “Unfortunately, data breaches are
part of life in the 21st century. Our servers were never accessed. We patched
the flaw, and continue to work to strengthen our security.”
For now, there is no indication that the
client list was released to the public and it’s not clear how extensive the
intrusion really was.