• Time tracker tool spilled details on remote workers - millions of

    From TechnologyDaily@1337:1/100 to All on Friday, January 10, 2025 11:15:05
    Time tracker tool spilled details on remote workers - millions of screenshots leaked

    Date:
    Fri, 10 Jan 2025 11:08:52 +0000

    Description:
    Screenshots of company information and credentials are leaking from a misconfigured Amazon S3 bucket.

    FULL STORY
    ======================================================================
    An Amazon S3 bucket is leaking sensitive screenshots of remote workers
    The bucket is owned by WebWork Tracker
    The leak is putting company data and credentials at risk

    A storage bucket associated with the WebWork Tracker application has been leaking sensitive info and company data online, with upwards of 13 million screenshots reportedly breached.

    The WebWork Tracker software is used by organizations to monitor remote workers by taking regular screenshots of each worker's screen to show the employer what they have been working on.

    However, the Amazon S3 bucket that the screenshots were stored on was misconfigured, lacking the end-to-end encryption that the Armenia-based company states it uses to safely store sensitive screenshots.

    Company data, credentials, and API keys at risk

    The bucket was discovered by the Cybernews research team on June 11. The team reached out to the WebWork Tracker team on multiple occasions since August 13 to alert the organization to the leaking bucket, but received no response.

    As a result, Cybernews notified the Computer Emergency Response Team (CERT).

    The remote worker tracking software is used by a number of businesses across the US, including remote-hiring company Deel, which is based in the US. Cybernews also found many other businesses across Austria, the Netherlands, and India that used the software.

    As a result of the leaking files, it is possible that the company has violated the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). GDPR fines can be €20 million or 4% of global revenue, whichever is greater, with CCPA fines reaching $2,500 per non-intentional violation.

    Redacted screenshots from the database shared by Cybernews show spreadsheets containing credentials and sensitive customer information, making the leaking database a prime target for threat actors looking to use supply-chain attacks to compromise organizations.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/time-tracker-tool-spilled-details-on-remote-workers-millions-of-screenshots-leaked


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)