Facial recognition startup Clearview AI says its full client list was stolen

Most of the company's customers are law enforcement agencies.

You might expect a high-profile (and controversial) facial recognition startup like Clearview AI would have its data locked down, but it turns out it's just as vulnerable as almost any other company to malicious individuals. In a notification obtained by The Daily Beast, the company says a recent vulnerability allowed someone to gain "unauthorized access" to a list of all of its customers. Clearview works with approximately 600 law enforcement agencies across North America, including the Chicago Police Department.

That same intruder also knows how many accounts those organizations set up, as well as how many searches they've conducted in the past. The company claims its servers weren't breached, and that it was able to shore up the vulnerability. Thankfully, it doesn't appear the intruder was able to access Clearview's database of three billion images.

"Security is Clearview's top priority," Tor Ekeland, an attorney for the company, told The Daily Beast. "Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security."

Clearview came under intense public scrutiny earlier this year when The New York Times published a report on the company. Clearview reportedly built its database by scraping publicly available photos from websites like Facebook, Instagram, YouTube and Venmo. Following the report, the companies that operate those websites, including Google and Facebook, sent cease-and-desist letters to Clearview. CEO Hoan Ton-That told CBS This Morning the company plans to challenge the letters in court by arguing that it has a First Amendment right to public information.