A Chinese facial recognition company left its database exposed online, revealing information on millions of people, a security researcher discovered.
SenseNets, a company based in Shenzhen, China, offers facial recognition technology and crowd analysis, which the company boasted in a promotional video could track people across cities and pick them out in large groups.
The company left its database exposed online without a password, Victor Gevers, a Dutch security researcher with the GDI Foundation, discovered on Wednesday morning.
The database contained more than 2.5 million records on people, including their ID card number, their address, birthday, and locations where SenseNets' facial recognition has spotted them.
From the last 24 hours, there were more than 6.8 million locations logged, Gevers said.
"Knowing when someone is not in the office or at home can be useful for simple burglar crimes, but also social engineering attacks to get into buildings," Gevers said in a message.