The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China’s east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites, and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely. It’s through a vast network of cameras that Xinai has amassed millions of face prints and license plates, which its website claims the data is “securely stored” on its servers. But it wasn’t. Security researcher Anurag Sen found the company’s exposed database on an Alibaba-hosted server in China and asked for TechCrunch’s help in reporting the security lapse to Xinai. Sen said the database contained an alarming amount of information that was rapidly growing by the day, and included hundreds of millions of records and full web addresses of image files hosted on several domains owned by Xinai.
Read more of this story at Slashdot.