Biostar security software ‘leaked a million fingerprints’ - Webroot comment
August 2019 by Kelvin Murray, Senior Threat Researcher at Webroot
Following today’s news of Biostar 2 exposing a million fingerprints online, Kelvin Murray, Senior Threat Researcher at Webroot, has prepared a comment regarding the significance of this leak.
“The fact that this biometric data was stored plainly and not in hashed form raises some serious concerns and is unacceptable. Biometrics deserve greater privacy protections than traditional credentials: they’re part of you and there’s no resetting a fingerprint or face. Once fingerprint and facial recognition data is leaked or stolen, the victim can never undo this breach of privacy. The property that makes biometrics so effective as a means of identification is also its greatest weakness. Organisations and consumers must critically appraise the organisations who they are entrusting their data to. If there are any question marks, then it’s not worth the risk and alternatives should be sought.
“The nature of this breach also raises a question about penalties levied when biometric data is exposed – should these organisations be punished more severely if they were deemed to be criminally negligent with this data? As this technology is still fairly new, it will be interesting to see how regulatory bodies respond to these types of breaches in future.”