Breach, Compliance Management, Data Security, Privacy

Report: GitHub repository exposes WeWork customer contracts

Data belonging to clients of shared workspace company WeWork was reportedly left exposed and accessible to the public via GitHub, while a web portal separately leaked information on prospective customers.

Mossab Hussein, security researcher from Dubian-based spiderSilk, discovered the data mismanagement and reported it to Vice/Motherboard, which published a report on the findings today.

The GitHub leak reportedly affected a subset of WeWork customers located in India, China and Europe. Exposed information included bank account details and personal information including addresses and phone numbers.

Additionally, Hussein found a web portal related to WeWork in India that also exposed information on prospective clients (aka "leads"), including their names, email addresses and phone numbers.

Motherboard reported that WeWork secured the GitHub repository shortly after the company was contacted for comment, and noted that the Indian web portal domain had stopped leaking by the time its reporter visited the site.

"WeWork was recently alerted to two personal GitHub pages with public settings that linked to certain company confidential information and another instance in which an affiliated company had posted information regarding sales leads in a manner that was not authorized," said a WeWork spokesperson, per Motherboard. "We immediately initiated an investigation and took steps to limit access to the information."

Since the figurative bailout from major investor SoftBank (and subsequent $1.7B departure of founder/CEO Adam Neumann), more than 12,000 global staffers are bracing for layoffs.

It is a tumultuous time right now for WeWork, which recently delayed its IPO and is expected to lay off thousands of employees imminently. In September, company CEO Adam Neumann announced that he would step down from his position.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.