Misconfigured server exposes ClearView AI's source code

By Tim Sandle     Apr 18, 2020 in Technology
SpiderSilk, a Dubai-based cybersecurity firm, found a misconfigured server belonging to facial recognition startup Clearview AI. The misconfiguration exposed internal files, secret keys and credentials, apps, source code, and employee messages.
Clearview has attracted attention in relation to the privacy implications of its facial recognition technology. It now seems that the company has also attracted the attention of hackers. According to TechCrunch, a security weakness at startup Clearview AI meant that its source code, plus cloud storage credentials, became publicly accessible. The Verge states that the server affected contained the source code to the company’s facial recognition database.
Commenting on the issue for Digital Journal, Anurag Kahol, CTO of Bitglass, looks at the background of the attack: "Clearview AI’s latest security incident follows shortly after a data breach that compromised the company’s client list. This time around, a misconfigured setting in Clearview’s password-protected server allowed attackers to bypass authentication methods and gain access to the company’s most sensitive internal files such as its source code, employees’ private messages, and cloud storage buckets that hold copies of finished and pre-released developer versions of its app."
The consequences of this are, Kahol explains, that: "Bad actors could steal the exposed information for a competing company or leverage the secret keys and credentials to gain access to even more private information – as people commonly reuse their passwords across multiple accounts. Usually, when we talk about breaches and cloud misconfigurations, it’s customer or employee data that is at risk, but this is an example of a security incident that is putting a company’s intellectual property at risk."
The latest issue forms part of a problematic trend across industry, Kahol notes: "Misconfigured settings in servers happen far too often, and they are easy to overlook."
However, businesses can take action, as Kahol outlines: "To prevent future incidents and protect proprietary information, organizations must have full visibility and control over their data. This can be accomplished by leveraging multi-faceted solutions that enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage."
There are other measures to consider too, as Kahol recommends: "Additionally, basic password protection is a must for organizations looking to protect their sensitive data in the cloud. Organizations must authenticate their users in order to ensure that they are who they say they are before granting them access to IT resources. Fortunately, multi-factor authentication (MFA) and user and entity behavior analytics (UEBA) are two tools that can help companies defend their corporate data."