Clearview AI exposes source code to controversial facial recognition app and company credentials

Security researchers say a misconfigured server owned by the controversial facial recognition company, Clearview AI, exposed its software's source code as well as internal credentials and keys. According to TechCrunch, which first reported on the flaw, Mossab Hussein, the chief security officer at SpiderSilk, a security firm based in Dubai, uncovered a flawed Clearview server storing sensitive data, allowing users to bypass its password protection. Specifically, Hussein found that a misconfiguration allowed anyone to register as a new user and access the database containing Clearview's code regardless of whether they had entered password. TechCrunch reports that, in addition to source code that would allow anyone to use Clearview's software, the database also contained passwords and other keys that would allow one to access the company's cloud storage buckets. Finished versions of Clearview's apps for iOS and Android as well as pre-developer beta versions were contained in those buckets, TechCrunch reports.