Employee monitoring apps are meant to help businesses track productivity and improve performance. But just how safe are these tools when it comes to protecting user data?
Some of these tools have serious security flaws that can put both workers and company data at risk. Recently, one such app, WorkComposer, which tracks remote workers’ activities, exposed millions of sensitive images and documents because of poor security settings.
Researchers at Cybernews recently found the vulnerability and notified the company, which swiftly secured access.
WorkComposer utilized an Amazon S3 bucket for storage, which is like a digital file folder in the cloud where companies store data such as photos, documents, and videos. Unfortunately, the “folder” was left unprotected, allowing anyone who found it to access the data.
These images included screenshots of employees’ computers, showing everything from work tasks to private details. In addition, confidential company information—like internal communications and login pages—was exposed.
While there’s no evidence that hackers accessed the data, the prolonged exposure of this sensitive information is alarming.
What Was Exposed?
The app tracked everything employees did—keystrokes, time spent on each app, and screenshots taken every few minutes. As a result, the exposed images could reveal both personal and work-related information. This isn’t the first time an employee monitoring app has had such a breach. Another app, WebWork, leaked millions of screenshots that contained sensitive data like emails and passwords.
If you think your employer used WorkComposer or a similar app, here’s what you can do to protect your information:
- Change Your Passwords: If you believe your passwords may have been exposed, make them useless by changing them right away. Choose strong, unique passwords for each account (using a password manager can help you create and store secure passwords).
- Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security. If possible, use a physical security key, which is much harder for hackers to steal compared to text messages or app-generated codes.
- Be Aware of Phishing Attempts: Hackers may use the information they gained to send fake emails or messages that look like they’re from trusted sources. Be cautious of any unexpected messages, and never click on suspicious links.
- Use Identity Monitoring: Consider using a service that alerts you if your personal information is found online or sold. This can help you react quickly if your data is at risk.
While one may not be able to control productivity applications used by their employer, be sure to stay vigilant and report suspicious activity.
If you notice anything unusual—like strange emails or unauthorized attempts to access your accounts—report it immediately to your IT department, manager, or provider.
Leave a Reply