Time tracker tool spilled details on remote workers - millions of screenshots leaked


  • An Amazon S3 bucket is leaking sensitive screenshots of remote workers
  • The bucket is owned by WebWork Tracker
  • The leak is putting company data and credentials at risk

A storage bucket associated with the WebWork Tracker application has been leaking sensitive info and company data online, with upwards of 13 million screenshots reportedly breached.

The WebWork Tracker software is used by organizations to monitor remote workers by taking regular screenshots of the workers' screens to show the employer what they have been working on.

However, the Amazon S3 bucket that the screenshots were stored in was misconfigured, lacking the end-to-end encryption that the Armenia-based company states it uses to safely store sensitive screenshots.

Company data, credentials, and API keys at risk

The bucket was discovered by the Cybernews research team on June 11. The team has reached out to the WebWork Tracker team on multiple occasions since August 13 to alert the organization to the leaking bucket, but received no response.

As a result, Cybernews notified the Computer Emergency Response Team (CERT).

The remote worker tracking software is used by a number of businesses across the US, including remote-hiring company Deel, which is based in the US. Cybernews also found many other businesses across Austria, the Netherlands, and India that used the software.

As a result of the leaking files, it is possible that the company has violated the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). GDPR fines can be €20 million or 4% of global revenue, whichever is greater, with CCPA fines reaching $2,500 per non-intentional violation.


Redacted screenshots from the database shared by Cybernews show spreadsheets containing credentials and sensitive customer information, making the leaking database a prime target for threat actors looking to use supply-chain attacks to compromise organizations.


Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
