The web-based Biostar 2 biometrics lock system, managed by Suprema, contains the fingerprints of more than a million people, as well as unencrypted usernames and facial recognition information, according to The Guardian. The security firm uses the system to secure facilities like warehouses or office buildings.
According to the newspaper, Israeli security researchers Noam Rotem and Ran Locar found last week that Biostar 2's database was unprotected: they were able to gain access to data by manipulating URL search criteria.
The researchers accessed more than 27.8 million records and 23 gigabytes' worth of information such as fingerprint data, facial recognition data, user photos, as well as unencrypted usernames and passwords, The Guardian said.
"The access allows, first of all, seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even. We [were] able to change data and add new users", one of the researchers told the Guardian.
Suprema said in June that its Biostar 2 platform had been integrated into another access control system, AEOS. According to The Guardian, the system is used in 83 countries by more than 5,000 organisations, including governments and banks.