The personal information of tens of thousands of people who visited WeWork India has been fixed.
Visitor data was spilled from the check-in app on WeWork India's website, used by visitors to sign in at the dozens of WeWork India locations across the country. It was possible to increase or decrease the user's sequential user ID by a single digit because of a bug in the app.
The check-in tool allowed anyone on the internet to see thousands of records, exposing names, phone numbers, email addresses, and selfies. There was no obvious way to stop someone from accessing the data in bulk.
The data wasn't secured.
The information about the bug was passed on to WeWork India by the author.
The website had a bug that allowed accidental access to the basic visitor information. The check-in app was removed from the website after a contact was made with the company. WeWork India is in the middle of transitioning its website and has recently made changes that mitigated the exposure.
It's not clear how many visitors' information was exposed.
Sweta Nair wouldn't say if there were plans to inform those who were exposed. The new data breach reporting rules, which require companies to notify authorities of a data breach within six hours of discovery, have yet to be implemented.
A number of Indian companies and organizations have been affected by a lapse in cyber security. A database containing the results of a coronaviruses self-test symptom checker was exposed by India's largest cell network in 2020. The database of network logs left by India's Central Industrial Security Force allowed anyone to access internal files. There was a security lapse at the PM-Kisan government agency that led to the leak of millions of India's farmers' Aadhar numbers.
You can read more.
If you want to get in touch with the security desk, you can either message on Signal or email Zak Whittaker.
All Rights Reserved © 2024
