Our senior reporter, Hannah Maria, informed us of the shocking news of a massive data breach due to a misconfigured Amazon S3 bucket. Her investigation found that the victims were the employees who worked for multinational companies.
However, Senthil CA (a senior Auditor working for CoreNetworkZ Tech Solutions) says the real victims are the companies that used WorkComposer.
Senthil is a Chartered Accountant.
I must agree that he has a valid point. Sensitive data that companies wanted to keep secret are now in public.
So, what exactly happened? Hanna Maria says a popular employee performance monitoring tool, Workcomposer, stored almost 21 million employee activity screenshots (screenshots of their computer screen) in an unsecured Amazon S3 bucket.
My research found that many security experts share the news over social media accounts. Adam Goss from Kraven Security shared it on his X account.

A security company, Malwarebytes, confirms the story.

This breach leaked sensitive data like user credentials, office chats, and work emails.
How Does This WorkComposer Data Breach Affect the Victims?
Let us first consider the companies. Their sensitive data is in public now. I do not think any company wants its business plans, login credentials, or employee internal chats to go public.
The real victims are the employees. Now, any tech-savvy person can download the leaked WorkComposer employee screenshots.
Possible Aftereffects of WorkComposer Data Leak
The first aftereffect is the rethinking by companies about using cloud storage to keep sensitive data. Hanna Maria interviewed Akash Mathew, and he confirmed it.
Akash Mathew is a CTO at an e-commerce platform.
Akash said this company is thinking about moving sensitive data from the cloud. However, he refused to answer whether his company uses employee performance monitoring tools.
The second aftereffect is from the employees who use company laptops preinstalled with WorkComposer. They are concerned about their personal and professional privacy.
We asked a few IT professionals and some of them replied.
Swetha Agarwal responded to the question by CoreNetworkZ Tech Solutions. She worries about who else will read her chat with her team members.
Swetha said her company uses employee performance monitors but never expected such a data leak.
Deepak Vasudev, another IT professional contacted by CoreNetworkz Tech Solutions, said his company does not use WorkComposer.
Deepak Vasudev works for a Game Development Company.
Since Deepak's company does not use Employee Performance Monitoring tools, he has nothing to worry about. He also said that employees must consider how much trust their management puts in them if they use such apps to spy on them.
No comments:
Post a Comment