WeWork India fixes bug that exposed visitors' personal information


New Delhi, Jul 5 (IANS): Flexible workspace provider WeWork reportedly exposed the personal information and selfies of thousands of people who visited its co-working facilities in the country, a cyber-security research has claimed.

Security researcher Sandeep Hodkasia found unencrypted visitor data that got exposed owing to a bug in the check-in app on WeWork India's website.

The vulnerability exposed visitors' names, phone numbers, email addresses and selfies.

"I recently uncovered a security vulnerability in the WeWork app that exposed all visitors' PII (Personally identifiable information) data," tweeted Hodkasia, who is Co-founder of AppSecure.

PII is any information about an individual maintained by an agency that can be used to distinguish or trace an individualas identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records and any other information that is linked to an individual, such as medical, educational, financial, and employment information.

WeWork India later fixed the bug that exposed the personal information and selfies of visitors.

A WeWork India spokesperson told IANS that its website "had a bug that allowed unintentional access to the basic visitor information."

"WeWork India is in the midst of transitioning its website" and that its recent changes "mitigated" the exposure, the spokesperson added.

The company, however, did not elaborate on exactly how many visitors were impacted and whether it notifiedAthem about the data breach owing to the bug.

WeWork India is currently present at more than 40 locations with over 62,000 members.

 

  

Top Stories


Leave a Comment

Title: WeWork India fixes bug that exposed visitors' personal information



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.