Time tracker tool spilled details on remote workers - millions of screenshots leaked

(Image credit: Shutterstock)

An Amazon S3 bucket is leaking sensitive screenshots of remote workers
The bucket is owned by WebWork Tracker
The leak is putting company data and credentials at risk

A storage bucket associated with the WebWork Tracker application has been leaking sensitive info and company data online, with upwards of 13 million screenshots reportedly breached.

The WebWork Tracker software is used by organizations to monitor remote workers by taking regular screenshots of the workers screen to show the employer what they have been working on.

However, the Amazon S3 bucket that the screenshots were stored on was misconfigured, lacking the end-to-end encryption that the Armenian-based company states it uses to safely store sensitive screenshots.

Company data, credentials, and API keys at risk

The bucket was discovered by the Cybernews research team on June 11, with the team reaching out to the WebWork Tracker team on multiple occasions since August 13 to alert the organization to the leaking bucket, but received no response.

As a result, Cybernews notified the Computer Emergency Response Team (CERT).

The remote worker tracking software is used by a number of businesses across the US, Austria, the Netherlands, and India.

As a result of the leaking files, it is possible that the company has violated EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). GDPR fines can be €20 million or 4% of global revenue, whichever is greater, with CCPA fines reaching $2,500 per non-intentional violation.

Redacted screenshots from the database shared by Cybernews show spreadsheets containing credentials and sensitive customer information, making the leaking database a prime target for threat actors looking to use supply-chain attacks to compromise organizations.

Recent updates

WebWork Tracker contacted TechRadar Pro to apologize for the data leak, and confirmed that the leak has since been plugged, and the bucket has since been properly configured. WebWork Tracker also stated that they have made major security updates to their software to reduce the possibility of future leaks.

These are the best password managers around today
Take a look at the best business VPN
European Commission hit by EU court fine after breaking own data privacy rules

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.