A hacker stole the customer list of Clearview, the controversial startup that scraped three billion photos from the public internet to train a population-scale facial-recognition system sold to police and government agents.
Clearview notified its clients in an email on Wednesday that a miscreant “gained unauthorized access” to the internal information. The data included a list of customers, the number of user accounts those customers had created, and the total number of searches they ran using Clearview’s software, the Daily Beast was first to report.
In a statement, Clearview's attorney Tor Ekeland told The Register: “Security is Clearview’s top priority. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
Er, OK, so, someone “gained unauthorized access” to internal records, but "servers were never accessed," although a "flaw" was "patched." Right. This could mean a third-party system, or cloud service, or a personal computer, storing the purloined data was accessed by the thief, via a security hole for which a fix was available and only now applied.
Mysterious face-recog AI startup Clearview sued, capabilities questioned after scraping billions of web picsREAD MORE
Clearview's spinners declined to give us a clear view of what really happened. The Register also sought Ekeland for clarification.
The New York City biz's main customers are federal agents and police: its facial-recognition tool was reportedly touted to the FBI and Uncle Sam's Homeland Security, and the company boasted about working with the New York Police Department. Rather embarrassingly the Big Apple's finest said they hadn't used the software at all. The system works thus: you give it a picture of a suspect, and it tries to match the snap to one of three billion faces scraped from Facebook, LinkedIn, YouTube, and so on. If it finds a hit, it returns details about the profile or webpage it found the photo on, allowing investigators to discover the identity of the wanted person.
The AI upstart made headlines last month when it admitted downloading billions of images shared online via public social accounts, from Instagram to Venmo, and Twitter, potentially violating the platforms' terms of service. Clearview was hit with cease-and-desist letters from internet giants demanding Clearview stop scraping photos and delete them all from its database.
CEO Hoan Ton-That claimed his startup has done nothing wrong. Since all the images were freely available on the web, Clearview has a “First Amendment right to public information," he said in a telly interview earlier this month. ®