Vulnerability exposes the names of visitors, telephone numbers, email addresses, and selfies.In a statement to Ians, the company said that the bug was in a third-party tool integrated with their website for the testing phase, at the top of Pandemi Covid-19 to reduce the possibility of infection transmission due to human interaction through “our standard of the guest registration process”.
“This application has a bug that allows accidental access to basic visitors information, we have switched from it and have stopped using it in all of our locations,” said a company spokesman.”The confidentiality of member data is very important for us and we are always aware of such cases and act based on priorities,” the spokesman added.
The company, however, does not describe how many visitors are affected and whether it tells them about data violations because of the bug.Sandeep Hodkasia’s security researcher found visitor data that was not encrypted exposed to bugs on the check-in application on the Indian Wework website.
“I recently revealed security vulnerability in the Wework application that exposed all PII data (information that can be identified personally) all visitors,” Tweeted Hodkasia, who is one of the founders of Appsecure.
PII is any information about individuals managed by agents who can be used to distinguish or track one’s identity, such as names, social security numbers, date and places of birth, names of mothers, or biometric notes and other information related to individuals, such as Medical information, education, finance, and work.Indian Wework is currently present in more than 40 locations with more than 62,000 members.
0
0
