Hacker News

1279 readers

353 users here now

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

founded 7 months ago

MODERATORS

patrick@lemmy.bestiver.se

rssbot@lemmy.bestiver.se

Top employee monitoring app leaks 21M screenshots on users (www.techradar.com)

submitted 6 days ago by rssbot@lemmy.bestiver.se to c/hackernews@lemmy.bestiver.se

7 comments fedilink hide all child comments

Comments

you are viewing a single comment's thread
view the rest of the comments

[–] scytale@lemm.ee 23 points 6 days ago (6 children)

Exposed S3 bucket? Yep, exposed S3 bucket.

[–] can@sh.itjust.works 5 points 6 days ago (4 children)

Cybernews said that WorkComposer exposed more than 21 million images in an unsecured Amazon S3 bucket. The company claims to have more than 200,000 active users.

How common is this?

[–] Shirasho 9 points 6 days ago (3 children)

Fairly common. Setting up proper permissions in AWS isn't always straightforward and getting permissions to properly integrate with an app can be confusing. I have worked with a lot of people who don't care about doing things right and only care about making something that works.

[–] Raiderkev@lemmy.world 2 points 5 days ago

"I have worked with a lot of people who don't care about doing things right and only care about making something that works."

I'm not a coder, but I've encountered this at just about every job I've ever had.

[–] intelisense@lemm.ee 3 points 5 days ago

Maybe, but if your not able or don't know you need to secure your S3 buckets, you shouldn't be managing infrastructure.

[–] blakenong 2 points 6 days ago

One could argue that storing anything in the cloud like that is pretty insecure to begin with. Since those screenshots likely contain private data, they really should be hosting their own solution.

Or, at the very least, providing end to end encryption for that data in the cloud.

load more comments (1 replies)