- Security researchers have found an unprotected Amazon S3 bucket
- It is up to workcompass, an employee monitoring application
- The bucket contained 21 million screenshots
A large time monitoring company has disclosed sensitive screenshots on the Internet open, putting countless people and organizations at risk of identity, data violations, wire fraud, scams, etc.
Cybersecurity researchers at Cyberness I found an archive of “millions of real -time screenshots” generated by Workcomposer, which is called a “employee productivity monitoring tool”.
These screenshots show what the employee works at any time, which could include sensitive communications and emails, connection gates, passwords, intellectual property, proprietary data, etc.
Millions of screenshots
The leakage of these screenshots is a major violation of confidentiality and could issue problems for the company, if data on data and privacy organizations are involved.
Cyberness said Workcompose exhibited more than 21 million images in an unsecured Amazon S3 bucket. The company claims to have more than 200,000 active users.
This could also express problems if it turns out that cybercriminals have found the bucket in the past. At the time of the press, there was no evidence that it had happened and the company apparently locked the archives in the meantime.
Workcomposer is essentially a surveillance tool built mainly for remote workers, allowing bosses and managers to follow what their employees do. He records the hours, the use of applications, but above all – he enters screenshots every 20 seconds.
One of the most common causes of data leaks are not defended. This year, more than 2.8 billion files were disclosed on the web, because companies of different sizes and in different industries have been found holding sensitive data in a unlocked cloud body.
Security researchers warn that many companies do not really understand the concept of “shared responsibility” when it comes to securing the cloud, and has urged organizations to secure their databases and monitor the newspapers with an unauthorized entry.
