Massive data leak exposes screenshots of workers monitored by WebWork Tracker tool. More than 13 million sensitive images have been left accessible online, putting corporate data and many users around the world at risk.
The remote worker monitoring has become a common practice for many companiesparticularly since the rise of telework. Of the tools as WebWork Tracker allow employers to monitor the activities of their employees by taking captures regular from their screen. This surveillance is not without abuse: in the United States, certain employees have used devices to simulate their teleworking activity, which resulted in them being fired.
Remote workers are also being targeted by scammers offering fake job offers online. But that’s not all, recently a cybersecurity researcher discovered thatan Amazon S3 online storage spaceused by the WebWork Tracker application, had been poorly configured. Result: more than 13 million screenshotsincluding sensitive information such as identifiers, customer data and API keys, were publicly accessible.
13 million screenshots expose sensitive company data
Screenshots contained in the database include confidential documentsspreadsheets containing identifiers and even customer information. This leak exposes companies using this tool to supply chain attacks, where pirates exploit compromised data to infiltrate their systems. WebWork Tracker users include companies in the United States, Austria, the Netherlands and India, making the scale of this exposure even more alarming.
-In addition to compromising data confidentiality, this leak could lead to significant legal sanctions. European (GDPR) and Californian (CCPA) regulators impose severe fines for this type of violation: up to 20 million euros or 4% of global turnover for GDPR, and $2,500 per unintentional infringement for CCPA. Despite several alerts sent by cybersecurity researchers, the company did not react, increasing the risks for users. To reduce these risks, it is essential that workers use protection tools like VPNs and antiviruses to secure their work data.
Source : cybernews
