Clearview AI, an American startup that collects billions of photos for facial recognition technology, has recently announced that it has lost its entire client list to hackers.

The company, that has previously claimed to have scraped over 3 billion photos from various online sources retains those photos in its database even after internet users delete them from the platforms or make their accounts private.

In a statement, Clearview AI’s attorney Tor Ekeland said that while security is the company’s top priority, “unfortunately, data breaches are a part of life. Our servers were never accessed.”

He adds, that the flaw has been patched and that Clearview AI continues “to work to strengthen our security.”.

In response to the recent hacking news, Carl Morris, Lead Security Researcher, Orange Cyberdefense, commented:

“The timing of this attack is particularly interesting. The company has faced criticism following media reports alleging that Clearview AI’s database stores photos after users have deleted them from their social media accounts.

It is telling that the company has already said that it has patched the flaw which led to the breach. Vulnerability management is a crucial part of any business – priority should be given to update technology that cause the most impact when compromised.

That being said, Clearview’s assertion that there was “no compromise of Clearview’s systems or network” may suggest that a misconfiguration caused the confidential customer data to be publicly accessible.

This should set alarm bells ringing with their customers, especially considering the scrutiny facial recognition technology is under, with debates ongoing concerning both its potential use and abuse, which it has in equal measures.”