Clearview, a Startup Probably Holding Your Image, Gets Hacked

Clearview AI sells facial recognition services based on the 3 billion images of us that it claims to hold. Predictably, this young, agile startup has been hacked in an embarrassing data breach.

The company lost control of its customer database, it warns its customers. And—wow—isn’t this a convenient time to announce the breach?

Yep, right in the middle of the RSA Conference. In today’s SB Blogwatch, we un-bury the story.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Boring mashup.


Sorry-Not-Sorry

What’s the craic? Betsy Swan reports—“Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen”:

 According to a notification the company sent to its customers … the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.

The firm drew national attention when The New York Times … reported that the company scraped 3 billion images from the internet, including from Facebook, YouTube, and Venmo. That process violated Facebook’s terms of service, according to the paper.

Tor Ekeland, an attorney for the company, said … “Security is Clearview’s top priority. … Unfortunately, data breaches are part of life.”

Wait. I’m sorry, what? Sara Morrison sounds horrified—“the world’s scariest facial recognition company can’t even keep its own data secure”:

 Ekeland seemed blasé about the news in his response. … Sen. Edward J. Markey [said] Clearview’s comments would be “laughable” if its “failure to safeguard its information wasn’t so disturbing and threatening to the public’s privacy … and this breach is yet another sign that the potential benefits of Clearview’s technology do not outweigh the grave privacy risks it poses.”

That client list might be particularly sensitive, as Clearview claims it works with hundreds of federal and state law enforcement agencies. (A BuzzFeed News report said those numbers are inflated.)

Clearview is playing the breach off as a minor and quickly solved problem. … How much confidence [should we] have in the cybersecurity practices of a private company we know little about and have no reason to trust? If security is indeed Clearview’s top priority, this data breach doesn’t bode well.

So Marietje Schaake seethes with displeasure:

 Remember the story on Clearview AI, the Facial Recognition Company that shocked many of you? … Their entire database was compromised. Their answer: breaches happen.

Are breaches ‘part of life’ as Clearview suggests, or part of a crappy business model with even crappier security? There need to be consequences for the mishandling or stealing of data!

Any sympathy for the Devil? Sarty gathers no moss:

 Truly a “**** you, sorry-not-sorry” for the ages. Hopefully incompetently-run garbage data mining companies going belly-up is [also] a part of life.

Yeah. And Kate Cox quips, “Losing data to an intruder is not a great look for a law enforcement partner”:

 The New York Times … described Clearview as a “groundbreaking” service that could completely erode privacy in any meaningful way.

Twitter, Google (YouTube), Facebook (and Instagram), Microsoft (LinkedIn), and Venmo all sent Clearview cease and desist letters, claiming its aggregation of images from their services violates their policies.

Clearview boasts that its technology helped lead to the arrest of a would-be terrorist in New York City. … But the NYPD [said] Clearview had nothing to do with the case.

Ouch. thereddaikon sounds delicious:

 There is no room for a company like Clearview in a free society.

It feels like we’ve seen this before. DiavoJinx shares the déjà vu:

 Oh good, a tech startup that screwed up security right away. Now their CEO can get the tech-startup-CEO-non-apology trite line “We must do better, we promise to do better” out of the way and steamroll forward with continued reckless abandon.

Yeah, we should have seen it coming. denny_deluxe sees the irony:

 I’d feel bad about them and their customers having their privacy violated. Except, you know, violating people’s privacy is their entire business model.

Meanwhile, Josh Butler carries the story on a silver platter: [You’re fired—Ed.]

 We’re Clearview AI, the company that has collected all your faces for a terrifying facial recognition database, but there’s nothing to worry about!

(five seconds later)

We regret to inform you we have predictably been hacked.

And Finally:

Tab A in slot B, until epic drop at 1’45



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: IBM Research Zurich (cc:by-nd)

Richi Jennings


Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
