ReutersFlexible workspace provider WeWork reportedly exposed the personal information and selfies of thousands of people who visited its co-working facilities in the country, a cyber-security research has claimed.
Security researcher Sandeep Hodkasia found unencrypted visitor data that got exposed owing to a bug in the check-in app on WeWork India's website.
The vulnerability exposed visitors' names, phone numbers, email addresses and selfies.
"I recently uncovered a security vulnerability in the WeWork app that exposed all visitors' PII (Personally identifiable information) data," tweeted Hodkasia, who is Co-founder of AppSecure.
PII is any information about an individual maintained by an agency that can be used to distinguish or trace an individualas identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records and any other information that is linked to an individual, such as medical, educational, financial, and employment information.
WeWork India later fixed the bug that exposed the personal information and selfies of visitors.
A WeWork India spokesperson told IANS that its website "had a bug that allowed unintentional access to the basic visitor information."
"WeWork India is in the midst of transitioning its website" and that its recent changes "mitigated" the exposure, the spokesperson added.
The company, however, did not elaborate on exactly how many visitors were impacted and whether it notifiedAthem about the data breach owing to the bug.
WeWork India is currently present at more than 40 locations with over 62,000 members.
Security researcher Sandeep Hodkasia found unencrypted visitor data that got exposed owing to a bug in the check-in app on WeWork India's website.
Elevate Your Tech Prowess with High-Value Skill Courses
| Offering College | Course | Website |
|---|---|---|
| IIM Lucknow | IIML Executive Programme in FinTech, Banking & Applied Risk Management | Visit |
| IIM Kozhikode | IIMK Advanced Data Science For Managers | Visit |
| Indian School of Business | ISB Professional Certificate in Product Management | Visit |
"I recently uncovered a security vulnerability in the WeWork app that exposed all visitors' PII (Personally identifiable information) data," tweeted Hodkasia, who is Co-founder of AppSecure.
PII is any information about an individual maintained by an agency that can be used to distinguish or trace an individualas identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records and any other information that is linked to an individual, such as medical, educational, financial, and employment information.
WeWork India later fixed the bug that exposed the personal information and selfies of visitors.
Discover the stories of your interest
A WeWork India spokesperson told IANS that its website "had a bug that allowed unintentional access to the basic visitor information."
"WeWork India is in the midst of transitioning its website" and that its recent changes "mitigated" the exposure, the spokesperson added.
The company, however, did not elaborate on exactly how many visitors were impacted and whether it notifiedAthem about the data breach owing to the bug.
WeWork India is currently present at more than 40 locations with over 62,000 members.
