WeWork engineer who fired more than 2400 employees turned out to have released customer's personal information on GitHub



TechMedia's Motherboard reports that WeWork engineers who run a US coworking space offering service disclosed their personal information to their personal GitHub repositories.

WeWork Developers Exposed Contracts and Customer Data on GitHub-VICE

WeWork, which has grown rapidly with the lightness of its footwork that “lease contracts can be completed in as little as one month,” was raising funds to become a member of a listed company. However, the listing of the shares was considered difficult due to the misconduct of the business founded by the documents submitted to the Securities and Exchange Commission and the misconduct of CEO Adam Newman.


Marco Verch

SoftBank of Japan had an additional investment of approximately 320 billion yen in WeWork, but in 2018 financial results WeWork recorded a deficit of approximately 205 billion yen, and the management situation seems to have been quite difficult. Eventually, WeWork announced on 30 September 2019 that it would give up its initial public offering (IPO).

WeWork resigned as CEO after retirement due to failure to raise funds officially withdraws listing application-GIGAZINE

As part of restructuring to improve business conditions, WeWork announced in early November 2019 that it will “sell businesses other than shared offices and reduce personnel on a large scale”. CNBC, an overseas economic media, reported on November 21, 2019 that 'WeWork dared to layoff 2,400 employees.' This means that 19% of the approximately 12,500 WeWork employees were fired.

WeWork lays off 2,400 employees

A WeWork spokesperson told CNBC that WeWork layoffs have been taking place at branches around the world as well as in the United States for several weeks. Due to the tight management situation of WeWork, many media are expecting a large-scale layoff, and WeWork employees also formed a labor union before the layoff occurred. It seems that this labor union has been negotiating with the company since the layoff was reported.

Meanwhile, “WeWork engineers publish contracts and customer data on GitHub,” pointed out security researcher Mosab Hussein.

According to Hussein, the URL of the PDF file hosted on Amazon Web Service was included in the script that the WeWork engineer listed in the GitHub repository. Access to this URL did not require authentication, and anyone could access and download it. When the technical media Motherboard checked more than 160 PDF files, most of them showed customer data for India, China, and Europe with which WeWork was contracted.

The customer data listed in the PDF file included not only personal phone numbers and addresses but also bank account numbers. Motherboard has confirmed with two cyber security companies that have signed a corporate contract with WeWork, but reports that neither of them has received an answer.

by Ajay Suresh

In addition, not only customers who have contracted with WeWork, but also the real names, telephone numbers, and email addresses of individuals waiting for a contract with WeWork were leaked in India.

Immediately after Motherboard requested comments from WeWork, the repository containing the link to the PDF file was deleted from GitHub. A WeWork spokesperson said, “WeWork has recently warned about two personal GitHub repositories that have been published with links to specific confidential information, and cases of posting information about customers in ways that affiliates have not approved. “We immediately started investigating and taking steps to limit access to information.”

in Security, Posted by log1i_yk