Time tracking application WebWork — which is being used by more than 15,000 organizations around the world, including major remote hiring firm Deel — had more than 13 million logs and screenshots exposed by a misconfigured Amazon AWS S3 storage bucket, Cybernews reports.
More files are being continuously added to the bucket, which has remained unprotected since its discovery in June, according to Cybernews researchers who disputed the purportedly end-to-end encrypted nature of the stored logs. Such a cybersecurity lapse — which is in violation of the European Union's General Data Protection Regulation, the California Consumer Privacy Act, and other data privacy regulations — was also noted by researchers to escalate the likelihood of supply chain attacks that may result in the compromise of WebWork clients' and users' personal and business information, API keys, credentials, and other sensitive data. WebWork has been urged to not only immediately close the leaking bucket but also perform comprehensive audits, incident response protocols, and data security awareness programs for its employees.
