Fri Jan 10 2025

Time tracking tool reveals information about remote workers.

WebWork Tracker has issues with data leaks.

It has been discovered that an Amazon S3 bucket associated with the WebWork Tracker application is leaking sensitive information, putting business data and credentials at risk. To date, it is estimated that over 13 million screenshots have been exposed.

WebWork Tracker is software used by organizations to monitor remote workers, regularly capturing images of their screens so employers can verify their activities. However, the bucket containing these screenshots was misconfigured and did not have the end-to-end encryption that the company, which is based in Armenia, claims to use to protect sensitive information.

The Cybernews research team identified this vulnerability on June 11 and, starting on August 13, attempted several times to contact WebWork Tracker to notify the company about the leak, but did not receive a response. Due to the lack of response, Cybernews decided to inform the Computer Emergency Response Team (CERT).

This remote worker tracking tool is utilized by various companies in the United States, including Deel, which is also a U.S. firm. Additionally, other organizations in Austria, the Netherlands, and India were found to be using this software.

The leak of these files may have led WebWork Tracker to violate the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Fines for GDPR noncompliance can reach up to 20 million euros or 4% of global revenue, whichever is greater, while penalties for CCPA violations can be up to $2,500 for each unintentional violation.

The partially redacted screenshots shared by Cybernews show spreadsheets containing credentials and sensitive client information, making this database an attractive target for malicious actors seeking to conduct supply chain attacks.

In recent statements, WebWork Tracker apologized for the data leak and confirmed that the situation has been rectified, assuring that the bucket has been configured correctly. Furthermore, the company indicated that they have implemented significant security updates to their software to reduce the likelihood of future leaks.