Date: 2019-08-14

Last week, Israeli security researchers Noam Rotem and Ran Locar discovered a mostly unencrypted, publicly accessible Biostar 2 database online. The database included fingerprints, facial scans, usernames and passwords, and personal information of over 1 million people.

Biostar 2 is a biometric lock system developed by the security company Suprema that integrates with the AEOS access control system. AEOS just happens to be used by 5,700 organizations in 83 countries worldwide, including governments, banks, and the UK Metropolitan Police.

Rotem and Locar happened upon this database during a side project with vpnMentor, where they scan "ports looking for familiar IP blocks, and then use these blocks to find holes in companies' systems that could potentially lead to data breaches."

After the pair found Biostar 2's database, they were able to search the database and manipulate URLs to gain access to the data.