Employee monitoring app exposes users, leaks 21+ million screenshots

Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common.

I’ve lost count of how many blogs I’ve written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves.

However, perhaps one would expect an employee monitoring app to be of a higher standard. Not in this case.

Cybernews recently uncovered that employee monitoring app WorkComposer left over 21 million images exposed in an unsecured Amazon AWS S3 bucket. These images show a frame-by-frame activity log of remote workers.

This is not just bad news for those remote workers; it could be even worse for WorkComposer's customers, whose internal communications, confidential business documents, and login pages were visible to anyone who stumbled across the unprotected bucket.

An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual objects (files) can be up to 5 TB in size.
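Whether a bucket like this is reachable by anyone on the internet comes down to three settings: the bucket policy, the bucket ACL, and the account's Block Public Access flags. The following is an added example (not code from the article or from WorkComposer) that audits those three documents offline; the input shapes follow what the AWS S3 API returns for a bucket policy, GetBucketAcl grants and the PublicAccessBlock configuration, and the sample documents at the bottom are constructed for illustration, not taken from the incident.

```python
# Added example: offline audit of the S3 settings that decide whether a bucket is public.
# Sample inputs below are constructed; they are not the configuration from the incident.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def policy_allows_anyone(policy: dict) -> bool:
    """True if an unconditional Allow grants read/list (or everything) to Principal '*'."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if "*" not in _as_list(principal):
            continue
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "s3:*") or action.lower().startswith(("s3:get", "s3:list")):
                return True
    return False


def acl_grants_public(acl: dict) -> bool:
    """True if any ACL grant targets the AllUsers or AuthenticatedUsers group."""
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS for g in acl.get("Grants", []))


def public_access_block_enforced(pab: dict) -> bool:
    """All four Block Public Access flags must be on to override public ACLs and policies."""
    return all(pab.get(k) is True for k in PAB_KEYS)


def audit_bucket(policy: dict, acl: dict, pab: dict) -> list:
    """Return a list of findings; an empty list means nothing public was found."""
    checks = [(not public_access_block_enforced(pab), "Block Public Access not fully enabled"),
              (policy_allows_anyone(policy), "policy allows read/list for Principal '*'"),
              (acl_grants_public(acl), "ACL grants a public group")]
    return [msg for hit, msg in checks if hit]


# Constructed samples: an exposed bucket versus a locked-down Block Public Access setting.
EXPOSED_POLICY = {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                                 "Resource": "arn:aws:s3:::example-bucket/*"}]}
EXPOSED_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                           "Permission": "READ"}]}
LOCKED_PAB = {k: True for k in PAB_KEYS}
```

Feed it the JSON from `get_bucket_policy`, `get_bucket_acl` and `get_public_access_block` for each bucket in an account and any non-empty result is a bucket that needs attention before it turns into a headline.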

The WorkComposer software logs keystrokes, tracks how long an employee spends on each app, and records desktop screenshots every few minutes. This means those 21 million images could reveal everything from work processes to employees’ private information.

Although there are no indications that cybercriminals accessed the bucket, WorkComposer has not responded to any of the notifications and queries sent to it. It did lock down access after being notified, but offered no comment.

This incident echoes a previous Cybernews investigation that found WebWork, another remote team tracker, leaked over 13 million screenshots containing emails, passwords, and other sensitive work data.

What to do if your employer used WorkComposer

There are some actions you can take if you are, or suspect you may have been, monitored by WorkComposer.

  • Change the passwords that may have been seen. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of 2FA can be phished just as easily as a password; 2FA that relies on a FIDO2 device can’t be.
  • Watch out for phishing attacks. Cybercriminals may use the information to craft convincing phishing emails, SMS, or messages pretending to be from trusted sources. Do not click on suspicious links or respond to unexpected messages requesting personal or work information.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
  • Report suspicious activity. If you notice any suspicious emails, messages, or unauthorized access attempts, report them immediately to your IT department or manager. Early reporting can help contain potential damage and prevent further breaches.
