Researchers at CyberNews have uncovered that a surveillance app WorkComposer may be leaking your data. Here’s what’s happening.
Introduction
Some boast WorkComposer to be the best time-tracking and productivity-monitoring software. The application allegedly works by the user signing up, then downloading the WorkComposer time tracking app, and allowing employees to track their time. WorkComposer is meant to track work time – once everyone has downloaded and installed the application, the app will come up with reports reflecting all of the tracked time allowing everyone to keep tabs on the progress of a project and team activities.
Cybernews Have Uncovered a Leak
Recently, there has been news about WorkComposer potentially leaking millions of screenshots onto the web. The news was uncovered by Cybernews and Cybernews says that WorkComposer has left tens of millions of images exposed in an unsecured Amazon S3 bucket which could potentially mean that anyone could get a glimpse into the activity of the workers using the app. According to Cybernews, there are over 200,000 people using the app which could have been a massive leak. The good news is that Cybernews has contacted the company and access to their systems has now been secured, though a comment from the company has not yet been received.
Why Do the Findings of Cybernews Matter?
Since the app leaked screenshots, these can contain a lot of sensitive information starting from email conversations and ending with sensitive documents as well as uncovering confidential projects.
Indeed, even a single screenshot that exposes an API endpoint, passwords, or other sensitive data can spell disaster for the company – the fact that Cybernews has uncovered that there are tens of millions of such screenshots makes matters even worse. According to Cybernews, employees may have had no control over what ended up in those screenshots either. However, everything’s already behind us – the hole has already been plugged.
How to Protect Your Privacy?
Even with leaks like these being behind us, it’s no wonder why employees and students in universities are so paranoid about their privacy – with millions of images being exposed, there’s no telling about what kind of damage might be done to the victims.
At the same time, there are things that you can do to protect yourself. Enter BreachDirectory.com – a data breach search engine protecting tens of millions of people: search for your username, email, or IP address, and it will tell you whether this data was exposed in any data breach and how and also advise you on what to do to make yourself less vulnerable to hackers or online predators.
BreachDirectory will not only let you scan your online accounts through hundreds of data breaches to help you determine if you‘re at risk but also help you be informed about when your online data has been exposed – for that, register for data breach notifications and be informed on what‘s happening with your data every month.
Alternatively, if you are a developer, consider making use of the BreachDirectory API to implement the data inside the BreachDirectory.com data breach search engine into your own application to further your use case.
At the same time, you should also be wary of impersonators: the only original domain belonging to BreachDirectory is BreachDirectory.com. Everything else is fake and/or plagiarized.
Summary
Researchers at Cybernews have uncovered troubling news – they‘ve uncovered that a surveillance app called WorkComposer may be leaking tens of millions of screenshots onto the web through an unsecured S3 bucket. According to Cybernews, this flaw has now been plugged, however, it is still vitally important to take care of your privacy: to do that, make good use of data breach search engines and their API counterparts, and until next time.