Thursday, May 8, 2025

Biometric Security Platform Data Breach Leaked Millions of Users' Facial Recognition & Fingerprinting Data


Security researchers discovered the biggest data breach in the biometric security platform BioStar 2, which leaked millions of users' facial recognition records, fingerprints, log data, and other personal information.

BioStar 2 is a web-based biometric security smart lock platform by Suprema, the world's biggest bio-access B2B company. The platform is used by the UK Metropolitan Police, defense contractors and banks, and many local businesses and government networks.

The BioStar 2 biometric lock system is deployed as a centralized system that offers user registration, real-time alarms, and door control in office buildings and data warehouses.


To identify users, it also supports facial recognition and fingerprinting technology.

Usage of BioStar 2 has expanded since it was integrated into the AEOS access control system, which is used by over 5,700 organizations in 83 countries.

According to a report published by security researchers from vpnmentor, they were able to access over 1 million fingerprint records, as well as facial recognition information.

The leaked data includes employees' personal information and unencrypted usernames and passwords, which are also highly sensitive in nature.

The team from vpnmentor was able to access over 27.8 million records, a total of 23 gigabytes, comprising the following data:

1. Access to client admin panels, dashboards, back end controls
2. Fingerprint data
3. Facial recognition information and images of users
4. Unencrypted usernames, passwords, and user IDs
5. Records of entry and exit to secure areas
6. Employee records including start dates
7. Employee security levels and clearances
8. Personal details, including employee home address and emails
9. Businesses’ employee structures and hierarchies
10. Mobile device and OS information

The BioStar 2 platform has over 1.5 million installations worldwide, and all of these could be vulnerable to this leak.

Facial recognition and fingerprint information is more sensitive than any other data: once it is stolen it cannot be changed, and the exposure affects the victims for the rest of their lives.

If this sensitive data is obtained by cybercriminals, they will misuse it, creating high risk for organizations and government networks, since it allows them to breach company networks and take over accounts.

“Hackers can change the fingerprints of existing accounts to their own and hijack a user account to access restricted areas undetected. Hackers and other criminals could potentially create libraries of fingerprints to be used any time they want to enter somewhere without being detected.”

It can even compromise a company's physical security, allowing criminals to commit robbery, steal valuable information, plant viruses, and monitor and exploit systems.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
