The company markets a facial recognition tool that lets police upload a photo of a face and search it against a database of billions of images scraped from social media to identify suspects.
Clearview's client base is mostly made up of law enforcement agencies including police departments in Toronto, Atlanta and Florida. The intruder also gained access to the number of user accounts each customer had set up, and to the number of times each customer searched Clearview's database.
While the exact nature of the breach is still unknown, the company said that the flaw has already been patched, and that there was "no compromise of Clearview's systems or network".
"While their attorney rightly states that data breaches are a fact of life in modern society, the nature of Clearview AI's business makes this type of attack particularly problematic", Mackey explained.
The idea of a facial-recognition database is concerning before the possibility of data breaches. The company has so far collected almost 3 billion photographs of users from numerous social media platforms like Facebook, Instagram, Twitter, and YouTube. Twitter, and then later Facebook, sent cease and desist letters to the company requesting it stop harvesting its user data as it violated privacy policies.
Last month, Markey expressed concerns about Clearview's technology, writing to Clearview AI CEO Hoan Ton-That that law enforcement's use of technology to protect the public "should not come at the expense of our basic privacy rights".
But Clearview's security should be thoroughly scrutinized and tested before it begins scraping more images, or opening its services to law enforcement agencies like the Federal Bureau of Investigation and Department of Homeland Security. Our servers were never accessed.
Calling out the lack of information in the disclosure, Tim Erlin, vice president of product management and strategy at cybersecurity company Tripwire Inc. "We patched the flaw and continue to work to strengthen our security", said Tor Ekeland to The Daily Beast.
"It is far better that companies like Google, Microsoft, AWS and IBM offer facial recognition because they have the capabilities to do it well and the reputational-risk to ensure that it is done as ethically as possible versus companies like Clearview who can operate in the dark until a scandal brings them to the public attention".