Time tracker tool spilled details on remote workers - millions of screenshots leaked

News
By published

WebWork Tracker has some leaky storage

Stress
(Image credit: Shutterstock)
  • An Amazon S3 bucket is leaking sensitive screenshots of remote workers
  • The bucket is owned by WebWork Tracker
  • The leak is putting company data and credentials at risk

A storage bucket associated with the WebWork Tracker application has been leaking sensitive info and company data online, with upwards of 13 million screenshots reportedly breached.

The WebWork Tracker software is used by organizations to monitor remote workers by taking regular screenshots of the workers screen to show the employer what they have been working on.

However, the Amazon S3 bucket that the screenshots were stored on was misconfigured, lacking the end-to-end encryption that the Armenian-based company states it uses to safely store sensitive screenshots.

Company data, credentials, and API keys at risk

The bucket was discovered by the Cybernews research team on June 11, with the team reaching out to the WebWork Tracker team on multiple occasions since August 13 to alert the organization to the leaking bucket, but received no response.

As a result, Cybernews notified the Computer Emergency Response Team (CERT).

The remote worker tracking software is used by a number of businesses across the US, Austria, the Netherlands, and India.

As a result of the leaking files, it is possible that the company has violated EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). GDPR fines can be €20 million or 4% of global revenue, whichever is greater, with CCPA fines reaching $2,500 per non-intentional violation.

Redacted screenshots from the database shared by Cybernews show spreadsheets containing credentials and sensitive customer information, making the leaking database a prime target for threat actors looking to use supply-chain attacks to compromise organizations.

Recent updates

WebWork Tracker contacted TechRadar Pro to apologize for the data leak, and confirmed that the leak has since been plugged, and the bucket has since been properly configured. WebWork Tracker also stated that they have made major security updates to their software to reduce the possibility of future leaks.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.