Sandeep Hodkasia, a security researcher, has stated that WeWork, a flexible workplace provider, apparently leaked the private data and pictures of thousands of users who went to its co-working spaces in the nation. Sandeep discovered unencrypted visitor data on WeWork India’s website as a result of a weakness in the check-in app.
“I recently uncovered a security vulnerability in the WeWork app that exposed all visitors’ PII (Personally identifiable information) data,” tweeted Hodkasia, who is the Co-founder of AppSecure.
PII is any data about a person kept by an organization that can be utilized to differentiate or identify an individual’s identity, such as a person’s name, social security number, date, and place of birth, mother’s maiden name, or biometric records, as well as any other details related to a person. Visitors’ names, phone numbers, email addresses, and selfies were all leaked as a result of the vulnerability.
A WeWork India spokesperson said that its website “had a bug that allowed unintentional access to the basic visitor information.” “WeWork India is in the midst of transitioning its website” and that its recent changes “mitigated” the exposure, the spokesperson added.
WeWork India later patched the bug that revealed customers’ personal details and selfies. However, the organization did not specify how many people were affected or whether it informed them about the security breach caused by the vulnerability.