Employee Monitoring App Exposes Users, Leaks 21+ Million Screenshots

Summary:
A serious security lapse saw the employee monitoring software WorkComposer expose over 21 million screenshots by leaving them freely accessible in an unsecured Amazon S3 bucket. The screenshots held sensitive records of workers' activity: desktop captures taken at regular intervals, internal communications, sensitive company documents, login pages, and possibly employees' personal details.
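The root cause described above is the familiar one of an S3 bucket that anyone on the internet can read. The following is an added example, not code from the article, from Cybernews or from WorkComposer: a small offline check that takes the three things that decide whether a bucket is public (its bucket policy, its ACL grants, and its Public Access Block settings) and reports the exposures. The bucket names, policies and grants are constructed for the example; in practice you would feed it the output of the real get_bucket_policy, get_bucket_acl and get_public_access_block API calls.

```python
"""Offline assessment of the misconfiguration class behind the exposure:
an S3 bucket whose policy or ACL grants read access to everyone.

Constructed example: bucket names, policies, grants and settings below are
made up. No AWS calls are made; feed in real API output to use it for real.
"""
import json

# Real S3 ACL group URIs that mean "anyone" and "any AWS account holder".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}

# The four real Public Access Block settings; each should be True on a private bucket.
PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def principal_is_public(principal):
    """True when a policy statement's Principal is the anonymous wildcard."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_findings(policy_json):
    """Allow statements that grant actions to everyone with no Condition block."""
    findings = []
    if not policy_json:
        return findings
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditioned wildcard grants need a human look; not flagged as plainly public
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows {', '.join(actions)} to everyone")
    return findings


def acl_findings(grants):
    """ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    return findings


def block_findings(pab):
    """Public Access Block settings that are missing or switched off."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [f"{k} is not enabled" for k in PAB_SETTINGS if not cfg.get(k, False)]


def assess_bucket(name, policy_json=None, grants=(), pab=None):
    """Combine the three checks; 'exposed' means a grant to everyone exists right now."""
    exposure = policy_findings(policy_json) + acl_findings(grants)
    return {"bucket": name, "exposed": bool(exposure), "findings": exposure + block_findings(pab)}


# Constructed sample data: one bucket configured the way the exposure describes,
# one hardened the way it should have been.
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-screenshots/*"}]})
EXPOSED_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-example"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppOnly", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-screenshots/*"}]})
HARDENED_GRANTS = [EXPOSED_GRANTS[0]]
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in PAB_SETTINGS}}

if __name__ == "__main__":
    for result in (assess_bucket("example-screenshots", EXPOSED_POLICY, EXPOSED_GRANTS, None),
                   assess_bucket("example-screenshots-fixed", HARDENED_POLICY, HARDENED_GRANTS, HARDENED_PAB)):
        print(json.dumps(result, indent=2))
```

The check deliberately reports only unconditional wildcard grants as exposure; a wildcard principal with a Condition (for example an aws:SourceVpce or aws:Referer restriction) is not public by itself but deserves review, so run the Public Access Block findings alongside it rather than relying on either list alone.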

The exposure was uncovered by Cybernews investigators, who noted that after they notified WorkComposer the company was slow to respond officially. WorkComposer eventually secured the bucket but issued no public statement or notification to those affected. As of now there are no indications that malicious actors accessed the data, but the company's silence adds to the uncertainty and risk facing the individuals concerned.

Security Officer Comments:
This incident recalls a comparable one involving another remote employee monitoring product, WebWork, which earlier exposed more than 13 million sensitive work-related screenshots. Such repeated incidents point to persistent weaknesses and a lack of security standards in the employee monitoring software industry.

Suggested Corrections:
There are some actions you can take if you are, or suspect you may have been, monitored by WorkComposer.

  • Change the passwords that may have been seen. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for phishing attacks. Cybercriminals may use the information to craft convincing phishing emails, SMS, or messages pretending to be from trusted sources. Do not click on suspicious links or respond to unexpected messages requesting personal or work information.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
  • Report suspicious activity. If you notice any suspicious emails, messages, or unauthorized access attempts, report them immediately to your IT department or manager. Early reporting can help contain potential damage and prevent further breaches.

Link(s):
https://www.malwarebytes.com/blog/n...pp-exposes-users-leaks-21-million-screenshots