Facial recognition is a highly sensitive issue, so much so that even government agencies proceed with a cautious footing when it comes to using such data to maintain law and order. But when private firms like the infamous Clearview AI get involved in such sensitive matters, it surely messes things up. That is exactly what has happened ever since the startup was launched. Clearview has been in the news for all the wrong reasons, and deservedly so. Now, it has effortlessly managed to grab the headlines, once again.

According to a report by Tech Crunch, Clearview’s database was there for the taking for anyone on the internet, after it reportedly exposed its source code due to a server misconfiguration. This was spotted by Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk.

Mossab was able to get hold of a repository that held the app source code that Clearview uses to compile its apps. If this wasn’t enough, the repository also exposed Clearview’s Slack tokens which would let anyone access the company’s internal messages without a password.

Interestingly though, this is not the first such incident related to the startup. Ever since Clearview AI came into existence, it has operated under a shady gambit of twisting the federal laws. It started with a high-profile expose of the startup by New York Times that got the startup on the radar. The report discussed how Clearview was shredding every logical definition of privacy as we know it to pieces while treading a fine line with respect to the law.

“You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system — whose backbone is a database of more than three billion images that Clearview AI claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants,” the report read. More than 600 law enforcement agencies have started using Clearview in the past year, with the service costing as much as $50,000 for a two-year deal.

After it came to fore that Clearview was data-mining other platforms like Facebook, Twitter, YouTube, among others, the startup was served with “cease and desist” notices. Amidst all this, Clearview CEO Hon Ton-That came out fiercely defending their shady methods, saying they only accessed “public” information which is lawful under the First Amendment law.

Initially, it was thought that the only entities which had access to Clearview’s database were law enforcement agencies. Stunningly, in late February, Clearview accidentally released the list of its clients, which included not just the federal agencies, but names like Macy’s, Kohl’s, Walmart, NBA, among others- 2200 government agencies, individual, and companies across 27 countries.

If you think the worst is done, there’s more. In March, the New York Times published another report sensationally claiming that the company’s founders casually gave access to the software to potential investors and “friends,” who obviously abused it.

John Catsimatidis, an American billionaire businessman and CEO of Gristedes Foods, was reported to have gotten a picture of man his daughter was having dinner with, and later ran the photo through the Clearview database, because he wanted to make sure the man “wasn’t a charlatan.” This is one of the numerous cases that were reported in the New York Times report.