WebWork, the time-tracking application used by more than 15,000 organizations worldwide had more than 13 million logs and screenshots exposed by a misconfigured Amazon AWS S3 storage bucket, Cybernews reports.
Cybernews researchers said more files are being continuously added to the bucket, which has remained unprotected since its discovery in June.
Such a cybersecurity lapse — which is in violation of the European Union's General Data Protection Regulation, the California Consumer Privacy Act, and other data privacy regulations — was also noted by researchers to escalate the likelihood of supply chain attacks that may result in the compromise of WebWork user data, API keys, and credentials.
WebWork has been urged to immediately close the leaking bucket, and also perform comprehensive audits, incident response protocols, and data security awareness programs for its employees.
