Shared workspace company WeWork found leaking customers’ email addresses and bank credentials through insecure WiFi network, report claims
- A report has revealed the WeWork has been leaking sensitive customer data
- Unsecured WiFi networks have exposed bank credentials, emails, and more
- Repeated attempts to address the shoddy practices have been ignored
- The news comes as WeWork eyes a highly-publicized IPO
WiFi networks at the co-working juggernaut, WeWork, have been exposing an ‘astronomical amount’ of private data according to a new report.
An investigation from CNET highlights how improperly secured WiFi networks offered at the company’s brand of flexible office properties have put sensitive data of customers and businesses at risk.
That data includes extremely sensitive information like bank account credentials, email addresses, client databases, scans of IDs, and more.
WeWork is coming under scrutiny after a report from CNET highlight the company’s shoddy network security practices that have leaked sensitive customer data (Stock image)
The extent of WeWork’s security flaws were documented by Teemu Airamo, head of digital media company, Viveca Media, who told CNET that he had noticed the issue after running WiFi scans out of his own WeWork office in downtown Manhattan in 2015.
‘For me, it was pretty much, ‘Holy s***,’ Airamo told CNET.
Airamo said that after discovering the company’s network vulnerabilities he attempted to raise the issue with WeWork for years with but received no response. Throughout that time, he continued to run scans and document the leaks.
Scans reviewed by CNET show nearly 700 devices, including servers, computers, and even connected appliances that were hemorrhaging information.
CNET’s investigations adds dimension to a story first reported by Fast Company in August that chronicled the company’s dubious security practices, such as re-using weak Wi-Fi passwords across multiple branches — an obvious security no-no — and outdated hardware.
‘WeWork takes the security and privacy of our members seriously and we are committed to protecting our members from digital and physical threats,’ a company spokesperson told MailOnline in a statement.
According to CNET, the company re-uses its passwords across branches and often employs weak passwords and outdated hardware (Stock image)
‘In addition to our standard WeWork network, we offer members the option to elect various enhanced security features, such as a private VLAN, a private SSID or a dedicated end-to-end physical network stack.’
Shoddy security at the company is particularly noteworthy given its business mode, which involves aggregating myriad businesses under a single, We-Work, owned property.
This means that a hacker — who could access a WeWork property with a free day pass in many cases — could usurp sensitive data from businesses and other customers with little to no hurdle.
News of the company’s less-than-ideal security practices come with particularly bad timing for WeWork which is eyeing an upcoming initial public offering.
The company has already drawn scrutiny for what’s been regarded as a wildly inflated valuation of $47 billion.
