Widely used workplace time tracking and productivity monitoring software WorkComposer had over 21 million screenshots of employee devices unintentionally leaked by an unprotected Amazon S3 bucket, Cybernews reports.
Aside from emails and internal chats, such a misconfigured storage bucket which has already been secured by WorkComposer earlier this month could also have exposed login pages, confidential business files, credentials, and API keys, according to Cybernews researchers, who identified the security issue. Such a development comes after WebWork, another time tracking app, was discovered to have exposed more than 13 million screenshots, including emails and passwords. Inadvertent exposure of device screenshots could not only lead to the compromise of organizations' internal secrets and further account breaches but also result in penalties under the European General Data Protection Regulation and California Consumer Privacy Act, said researchers, who emphasized the importance of standard cyber hygiene in time tracking tools.
Aside from emails and internal chats, such a misconfigured storage bucket which has already been secured by WorkComposer earlier this month could also have exposed login pages, confidential business files, credentials, and API keys, according to Cybernews researchers, who identified the security issue. Such a development comes after WebWork, another time tracking app, was discovered to have exposed more than 13 million screenshots, including emails and passwords. Inadvertent exposure of device screenshots could not only lead to the compromise of organizations' internal secrets and further account breaches but also result in penalties under the European General Data Protection Regulation and California Consumer Privacy Act, said researchers, who emphasized the importance of standard cyber hygiene in time tracking tools.
