That same intruder also knows how many accounts those organizations set up, as well as how many searches they’ve conducted in the past. The company claims its servers weren’t breached, and that it was able to shore up the vulnerability. Thankfully, it doesn’t appear the intruder was able to access Clearview’s database of three billion images.

“Security is Clearview’s top priority,” Tor Ekeland, an attorney for the company, told The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

Clearview came under intense public scrutiny earlier this year when The New York Times published a report on the company. Clearview reportedly built its database by scraping publicly available photos from websites like Facebook, Instagram, YouTube and Venmo. Following the report, the companies that operate those websites, including Google and Facebook, sent cease-and-desist letters to Clearview. CEO Hoan Ton-That told CBS This Morning the company plans to challenge the letters in court by arguing that it has a First Amendment right to public information.