Visitors to WeWork India’s coworking spaces recently became victims of a security oversight that left much of their information exposed to anyone with internet access.
According to researcher Sandeep Hodkasia, visitor data was being leaked from the firm’s check-in app after an error allowed visitor records to be accessed through simply changing user IDs.
The bug allowed anyone with internet access to the names, email addresses, phone numbers, and even selfies of WeWork India visitors.
Now, the check-in app has been taken down after Hodkasia relayed the information to the coworking company. In the meantime, a WeWork India spokesperson has stated that the firm is “in the midst of transitioning our website” to reduce exposure.
WeWork India would not specify whether it has informed those exposed. India is in the process of enacting new rules that would require companies to notify authorities of a data breach within six hours of discovery.