9 C
London
Tuesday, September 27, 2022

WeWork India has exposed personal information and selfies of visitors – londonbusinessblog.com

Must read

Trump fan who attacked cop Fanone on Jan. 6 sentenced to more than 7 years in prison

WASHINGTON — A Donald Trump fan who brought his teenage son with him when he attacked then-D.C. police officer Mike Fanone and another officer...

Can crypto make the world a better place? • londonbusinessblog.com

Image Credits: londonbusinessblog.com The crypto world has never shied away from making big promises, but as the industry matures and the public expands, now is...

Dotcom Crash Lessons, Lower CAC, Product Driven Sales • londonbusinessblog.com

On a recent Twitter Space, M13 partner Anna Barber and I looked back at the dotcom crash in search of lessons operators can use...

Limit reached – Join the EU Startups CLUB

€147/quarter This option is ideal for companies and investors who want to keep up to date with Europe's most promising startups, have full access...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

WeWork India has fixed a security flaw that exposed the personal information and selfies of tens of thousands of people who frequented WeWork India’s coworking spaces.

Security Investigator Sandeep Hodkasia discovered that visitor data came from the check-in app on the WeWork India website, used by visitors to log into the dozens of WeWork India locations across the country. A bug in the app meant it was possible to access any visitor’s check-in record by increasing or decreasing the user’s sequential user ID by one digit.

Because the check-in tool was web-oriented, the bug allowed anyone on the web to browse thousands of records, revealing names, phone numbers, email addresses and selfies. Hodkasia said there were no clear controls to prevent anyone from gaining massive access to the data.

None of the data was encrypted.

Hodkasia described the bug to londonbusinessblog.com, which replicated and confirmed its findings, and passed the information on to WeWork India.

When reached by email, WeWork India spokesperson Apoorva Verma confirmed that his website had “a bug that allowed inadvertent access to basic visitor information”. The check-in app was pulled from the website shortly after londonbusinessblog.com contacted the company. According to Verma, WeWork India is “in the midst of transitioning our website” and that the recent changes are “softening” the exposure.

It is not known exactly how much visitor information was exposed and for how long.

When asked if there were any plans to notify those whose information had been released, WeWork India spokesman Sweta Nair declined to say. (New data breach reporting rules in India, which require companies to notify authorities of a data breach within six hours of discovery, have yet to come into effect, after a delay when rolling out the rules.)

Over the past year, WeWork India has joined a string of Indian companies and organizations that have been ravaged by a cybersecurity slump. In 2020, during the peak of the COVID-19 pandemic, India’s largest mobile network, Jio, published a database of the results of a coronavirus self-test symptom checker on its website. Earlier this year, India’s Central Industrial Security Force released a database of network logs on the Internet, giving anyone direct access to internal files on CISF’s internal network. And in June, londonbusinessblog.com reported the latest release of Aadhaar figures that may have involved millions of Indian farmers, thanks to a vulnerability at government agency PM-Kisan.

Read more:


To contact the security desk, message Signal at +1 646-755-8849 or email [email protected]


More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Trump fan who attacked cop Fanone on Jan. 6 sentenced to more than 7 years in prison

WASHINGTON — A Donald Trump fan who brought his teenage son with him when he attacked then-D.C. police officer Mike Fanone and another officer...

Can crypto make the world a better place? • londonbusinessblog.com

Image Credits: londonbusinessblog.com The crypto world has never shied away from making big promises, but as the industry matures and the public expands, now is...

Dotcom Crash Lessons, Lower CAC, Product Driven Sales • londonbusinessblog.com

On a recent Twitter Space, M13 partner Anna Barber and I looked back at the dotcom crash in search of lessons operators can use...

Limit reached – Join the EU Startups CLUB

€147/quarter This option is ideal for companies and investors who want to keep up to date with Europe's most promising startups, have full access...

These are the 4 startups that CBA’s x15ventures supports

Commonwealth Bank's venture-scale arm, x15ventures, has selected four payment startups as finalists for the Xccelerate22 program. The four - paytron, You pay, Cape and persolo...