Home > Tech > Tech Industry

Major security flaw exposes fingerprints of more than 1 million people

Another day, another data breach
 By 
Marcus Gilmer
 on 
Share on Facebook Share on Twitter Share on Flipboard
Major security flaw exposes fingerprints of more than 1 million people
Another breach exposed millions of pieces of data, including fingerprints and passwords of over a million users. Credit: Alexander Supertramp / SHUTTERSTOCK

Exposed passwords are bad enough. But fingerprint and facial recognition data? That’s terrifying.

Suprema's Biostar 2 biometric security system came under scrutiny after vpnMentor and two researchers -- Noam Rotem and Ran Locar -- uncovered a major flaw that exposed the biometric data of more than 1 million people, according to The Guardian.

Biostar 2 is a security platform that, in part, utilizes facial recognition and fingerprints to control access to buildings and other secure facilities. Making the potential breach even worse: Biostar 2 was recently integrated into Nedap's AEOS security platform, which is used for security by thousands of companies and organizations in more than 80 countries.

The researchers said not only was the database unencrypted, but was accessed by tweaking URL search criteria in Elasticsearch, a search and analytics engine. And it contained a lot of data.

The Guardian reported that the researchers "had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff."

According to vpnMentor, the exposed data was discovered on Aug. 5, 2019. Two days later, they notified Biostar 2 of the issue and by Aug. 13, the database was private. It's not known how long all of that information was accessible and if anyone, particularly bad actors, had gained access to the database.

What's more, vpnMentor reports that Biostar's office was "generally very uncooperative."

SEE ALSO: Amazon claims its Rekognition software can now detect fear

Among the U.S.-based businesses the researchers were able to access data for: co-working space Union and medical supply company Phoenix Medical. But The Guardian notes that organizations that are part of AEOS include "governments, banks and the UK Metropolitan police."

We've reached out to Suprema for additional comment but, for now, you can continue to rest, uh, uneasily knowing that your data will never be fully secure.

Featured Video For You
Judge rules that Feds can't force a person to unlock their phones

Topics Cybersecurity Facial Recognition

Mashable Image
Marcus Gilmer

Marcus Gilmer is Mashable's Assistant Real-Times News Editor on the West Coast, reporting on breaking news from his location in San Francisco. An Alabama native, Marcus earned his BA from Birmingham-Southern College and his MFA in Communications from the University of New Orleans. Marcus has previously worked for Chicagoist, The A.V. Club, the Chicago Sun-Times and the San Francisco Chronicle.

Mashable Potato
Recommended For You
'The Daily Show' reacts to Trump's name appearing 'more than a million times' in the Epstein files
By Shannon Connellan
Jordan Klepper hosts "The Daily Show" beside an image of Donald and Melania Trump, Jeffrey Epstein, and Ghislaine Maxwell.
Jimmy Kimmel responds to Trump being mentioned 'more than a million times' in Epstein files
By Sam Haysom
A man in a suit stands on a talk show stage. The caption at the bottom reads, "He said Donald Trump's name appear more than a million times."
Updating your security mindset: Keep your data private and your devices secure
By PCMag
Cyber Security
Clawdbot AI security risks you need to know before trying it
By Timothy Beck Werth
Two digitally animated hands.
iOS 26.4 available now: All updates, security improvements to know
By Chance Townsend
The Apple logo appears on a mobile phone screen in this photo illustration
More in Tech
The Guess Who? Pokémon Edition game just dropped. Here's where to buy it before it sells out.
By Lauren Allain
the new Pokemon guess who game on a purple and pink background
Prime members can get a free e-book every month with Amazon First Reads: See the April 2026 picks
By Samantha Mangino
illustrated hands holding a kindle with book pages on it, surrounded by a stack of books
Amazon has slashed $22 off the Lego Star Wars C-3PO buildable droid figure — buy now for under $120
By Hannah Hoolihan
lego star wars c-3po buildable droid figure against a pink and purple patterned background
Lego has dropped a World Cup collection featuring Messi and Ronaldo: Here’s where to pre-order now
By Joseph Green
New Lego Lionel Messi figure
The Magic: The Gathering Edge of Eternities Play Booster Box is below market price at TCGplayer
By Ben Williams
The Magic: The Gathering Edge of Eternities - Play Booster Box on a purple and red background
Trending on Mashable
NYT Connections hints today: Clues, answers for April 3, 2026
By Mashable Team
Connections game on a smartphone
Wordle today: Answer, hints for April 3, 2026
By Mashable Team
Wordle game on a smartphone
What's new to streaming this week? (April 3, 2026)
By Belen Edwards and Kristy Puchko
A composite of images from film and TV streaming this week.
Google launches Gemma 4, a new open-source model: How to try it
By Matt Binder
Google Gemma
AirDrop on Pixel: Every Google smartphone that supports the Apple feature
By Alex Perry
Google Pixel 10 against blue background
The biggest stories of the day delivered to your inbox.
These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up. See you at your inbox!