CONFIDENTIAL CONTRACTS belonging to clients of WeWork were left exposed and accessible to the public via GitHub.
The leak was first spotted by Mossab Hussein, a security researcher at Dubai-based security firm SpiderSilk.
The issue affected a subset of WeWork customers based in Europe, India and China, and exposed details including phone numbers, addresses and bank account details. The repository contained a script with URLs of hundreds of PDF files hosted on unprotected Amazon server, which were publically accessible without authentication.
Motherboard, which first caught wind of the breach, said it downloaded more than 160 PDFs, which appeared to be contracts between WeWork and individual customers. They included membership agreements with cybersecurity companies such as Palo Alto Networks and Tenable, according to the report.
Additionally, Hussein spotted a web portal related to WeWork in India exposing information on sales leads.
The GitHub repository was secured shortly after WeWork was informed. The Indian web portal domain was also quickly secured.
"WeWork was recently alerted to two personal GitHub pages with public settings that linked to certain company confidential information and another instance in which an affiliated company had posted information regarding sales leads in a manner that was not authorised," a WeWork spokesperson told Motherboard.
"We immediately initiated an investigation and took steps to limit access to the information."
The news of WeWork data leak coincides with the lay-offs of thousands of employees at the company in order to cut costs amid ongoing losses. Earlier this month, WeWork told shareholders that it lost approximately $1.3bn in the third quarter alone.
The company was valued at $50bn earlier this year but was forced to scrap plans for an IPO in September. Its founder and CEO Adam Neumann was also forced out.
SoftBank, the largest investor in WeWork, also announced its decision last month to buy 80 per cent of the struggling company. µ
Firm's first high-end speaker gets the thumbs up from us
Yes. Yes you can
A fantastic ultraportable that's almost devoid of innovation
Screen if you want to go faster