A data leak from an Amazon S3 bucket linked to the WebWork Tracker application has exposed over 13 million sensitive screenshots, jeopardizing company data and credentials. The software, commonly used to monitor remote workers, captures screenshots showcasing employees’ activities. Unfortunately, the misconfigured S3 bucket failed to uphold the encryption standards promised by the Armenian-based company behind WebWork Tracker, leading to a grave breach.

Despite concerned alerts from the Cybernews research team to WebWork Tracker starting in August 13, the organization remained unresponsive. As a consequence, Cybernews sought intervention from the Computer Emergency Response Team (CERT) upon their discovery of the compromised repository on June 11. Multiple businesses in the US, including Deel, a remote-hiring company, alongside other international firms in Austria, the Netherlands, and India, were exposed to this data leak.

The leaked information raises concerns about potential violations of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which could incur substantial penalties. The leaked data, shared by Cybernews, exposed sensitive customer information and credentials, making the database vulnerable to malicious actors seeking to exploit supply-chain vulnerabilities. This breach underscores the critical importance of robust data security measures in safeguarding sensitive information.