Over 49,000 misconfigured building access systems exposed online

Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. Access Management Systems are security systems that control employee access to buildings, facilities, and restricted areas via biometrics, ID cards, or license plates. Security researchers at Modat conducted a comprehensive investigation in early 2025 and discovered tens of thousands of internet-exposed AMS that were not correctly configured for secure authentication, allowing anyone to access them. The exposed AMS contained sensitive unencrypted employee data, including: Personal identification details (names, email addresses, phone numbers) Biometric data like fingerprints and facial recognition Photographs Work schedules Access logs indicating who entered/exited and when In some cases, Modat could edit employee records, add fake employees, change access credentials, or mani ... Read full article.