A misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.
The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing.
The repository also exposed Clearview’s Slack tokens which, if used, could have allowed password-less access to the company’s private messages and communications.