WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces.
Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used by visitors to sign-in at the dozens of WeWork India locations across the country. A bug in the app meant it was possible to access the check-in record of any visitor by increasing or decreasing the user’s sequential user ID by a single digit.
Because the check-in tool was internet-facing, the bug allowed anyone on the internet to cycle through thousands of records, expo …
