Flexible workspace provider WeWork reportedly exposed the personal information and selfies of thousands of people who visited its co-working facilities in the country, a cyber-security research has claimed.
Security researcher Sandeep Hodkasia found unencrypted visitor data that got exposed owing to a bug in the check-in app on WeWork India’s website.
The vulnerability exposed visitors’ names, phone numbers, email addresses and selfies.
“I recently uncovered a security vulnerability in the WeWork app that exposed all visitors’ PII (Personally identifiable information) data,” tweeted Hodkasia, who is Co-founder of AppSecure.
PII is any information about an individual maintained by an agency that can be used to distinguish or trace an individualas identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records and any other information that is linked to an individual, such as medical, educational, financial, and employment information.
WeWork India later fixed the bug that exposed the personal information and selfies of visitors.
A WeWork India spokesperson told IANS that its website “had a bug that allowed unintentional access to the basic visitor information.”
“WeWork India is in the midst of transitioning its website” and that its recent changes “mitigated” the exposure, the spokesperson added.
The company, however, did not elaborate on exactly how many visitors were impacted and whether it notifiedAthem about the data breach owing to the bug.
WeWork India is currently present at more than 40 locations with over 62,000 members.
– IANS