Clearview, a secretive facial-recognition startup that claims to scrape the Internet for images to use, has itself now had data unexpectedly scraped, in a manner of speaking. Someone apparently popped into the company's system and stole its entire client list, which Clearview to date has refused to share.
Clearview notified its customers about the leak today, according to The Daily Beast, which obtained a copy of the notification. The memo says an intruder accessed the list of customers, as well as the number of user accounts those customers set up and the number of searches those accounts have conducted.
"Unfortunately, data breaches are part of life in the 21st century," Tor Ekeland, an attorney for Clearview, told The Daily Beast. "Our servers were never accessed. We patched the flaw and continue to work to strengthen our security."
Clearview vaulted from obscurity to the front page following a report by The New York Times in January. The paper described Clearview as a "groundbreaking" service that could completely erode privacy in any meaningful way.
The company at the time claimed to have in place 600 agreements with law enforcement agencies to use its software, which allegedly aggregated more than 3 billion facial images from other apps, platforms, and services. Those other platforms and their parent companies—including Twitter, Google (YouTube), Facebook (and Instagram), Microsoft (LinkedIn), and Venmo—all sent Clearview cease and desist letters, claiming its aggregation of images from their services violates their policies.
Clearview, which stresses its service is "available only to law enforcement agencies and select security professionals," refused repeatedly to share client lists with reporters from several outlets. Reporters from The New York Times and BuzzFeed both dove into several of the company's marketing claims and found some strong exaggerations. Clearview boasts that its technology helped lead to the arrest of a would-be terrorist in New York City, for example, but the NYPD told BuzzFeed Clearview had nothing to do with the case.
In the face of public criticism, the company made exactly two blog posts, each precisely two paragraphs long. The first, under the subject line "Clearview is not a consumer application," insists, "Clearview is NOT available to the public," emphasis theirs. It adds, "While many people have advised us that a public version would be more profitable, we have rejected the idea."