
Now they have a serious security and data leak problem

During the pandemic and the forced adoption of teleworking, some bosses made their employees install monitoring systems on their computers to check that they were really working during the day.

As published by Tom's Guide, a cybersecurity team has reported that millions of screenshots from one of these monitoring systems are accessible to anyone, compromising the security of the companies that hired this service.

The distrust of the bosses. The specialized cybersecurity outlet Cybernews reported what it describes as one of the largest security leaks, involving the company WorkComposer, which offered a monitoring service on more than 200,000 corporate computers in companies around the world.

The monitoring service offered attend to your personal affairs. These monitoring systems were the focus of an ethical and legal debate, but if the computer belonged to the company, the company had the right to install whatever software it deemed appropriate.

The day's captures. All of these monitored computers generated tens of millions of periodic screenshots throughout the day. These captures recorded all kinds of confidential company information that employees used daily: emails, internal documents, accounting data, etc. The employee did not know when the monitoring application was taking a capture of the screen, so could not have avoided the capture of this sensitive data.

In addition to all this data, the screenshots would have captured access credentials for other company services if the screenshot was taken at the very moment the employee was logging in to the service, which would pose a serious risk to their security.

A breach in the millions. According to Cybernews, the security breach could affect about 21 million captures stored on an Amazon S3 server that did not have adequate access security measures. That allows anyone who makes the appropriate search to access the entire catalog of captures stored there.

This has left all the companies that used WorkComposer's remote monitoring service vulnerable to identity impersonation attacks resulting from credential theft and to leakage of internal data. In addition, since this is not an attack on one specific service, the affected companies do not know the scope of the leak, which will force them to review all the credentials and sensitive information that the monitoring system has captured.

The GDPR knocks on the door. On the other hand, the massive leak of these captures will put both the affected companies and WorkComposer in a difficult situation. At Xataka we have tried to obtain statements from the company that manages this application, but we have not received a response.

The General Data Protection Regulation (GDPR) in force in Europe, and some US laws such as the California Consumer Privacy Act (CCPA), establish that the company that captures this data is responsible for its custody and protection. The negligence of hosting millions of images with confidential information on a server without minimal security can cost it fines in the millions.
