Employee ID company leaves 76,000 fingerprints exposed to hackers online along with email addresses and phone numbers
- Anteus Tecnolgia develops and distributes Fingerprint Identification Systems
- Security researchers discovered their database was unprotected
- The bucket contained 76,000 unique fingerprints of employees
- It also had 81.5 million records that contained emails and telephone numbers
- Hackers could use the information to make a biometric image of a person’s print
Nearly 76,000 unique fingerprints were exposed online in an unprotected database bellowing to a Brazilian firm that develops fingerprint identification systems for corporations.
Also in the bucket were email addresses and telephone numbers of the employees whose prints were being stored by the company Anteus Tecnolgia.
The fingerprint data included ridge bifurcation and ridge ending data, both of which describe characteristics used to tell fingerprints apart.
Although the information was stored as a binary data system, a string of zeros and ones, researchers who uncovered the database said cybercriminals could create a biometric image of the person’s fingerprint with the data.
Nearly 76,000 unique fingerprints were exposed online in an unprotected database bellowing to a Brazilian firm that develops fingerprint identification systems for corporations
The discovery was made by security researchers at Safety Detectives who access the database containing 16 gigabytes of information that included highly sensitive information related to identification and biometric details- but has since been secured, as first reported on by CNET.
The bucket belongs to Antheus Tecnologia, which develops and distributes Automated Fingerprint Identification Systems (AFIS), automated fingerprinting and other systems such as iris recognition devices.
And the firm claims to be the first Brazilian company to be certified by the US Federal Bureau of Investigation (FBI) and develops biometric solutions for domestic and overseas clients.
Security Detectives found more than 81.5 million records that contained employee emails and telephone numbers, along with the 76,000 fingerprints.
Although the information was stored as a binary data system, a string of zeros and ones, researchers who uncovered the database said cybercriminals could create a biometric image of the person’s fingerprint with the data
‘The unsecured method in which Antheus Tecnologia stores information is rather alarming considering its importance. It’s even more alarming that Antheus Tecnologia was built and deployed by a security company,’ Security Detectives.
‘Instead of saving a hash of the fingerprint (that cannot be reverse-engineered), Antheus is saving people’s actual fingerprints through rudimentary encoding which can then be replicated for malicious purposes.’
The team explained that bad actors could use the information left unprotected to commit illegal and dangerous activities such as gaining access to restricted or classified information, extortion, phishing attacks and more.
The discovery was made by security researchers at Safety Detectives who access the database containing 16 gigabytes of information that included highly sensitive information related to identification and biometric details- but has since been secured
‘Data breaches relating to fingerprint data is particularly concerning because of the inherent inability for users to refresh their security information,’ researchers share.
‘Given current consumer and professional trends, fingerprints are replacing typed passwords in many consumer goods such as phones and laptops.’
‘Most fingerprint scanners on consumer goods are encrypted, so when a hacker develops technology to replicate your fingerprint, they could gain access to all the private information such as messages, photos and payment methods stored on your device.’