WorkComposer employee monitoring app faces breach

May 1, 2025

A major privacy breach involving an employee monitoring app has raised alarms across workplaces globally after more than 21 million screenshots of workers’ computer activity were accidentally exposed online.

According to cybersecurity researchers, the surveillance tool WorkComposer, used by over 200,000 employees across numerous organisations, left a massive volume of sensitive data in an unsecured Amazon S3 bucket.

The employee monitoring app broadcasts a frame-by-frame view of daily work routines.

Designed to track productivity by logging keystrokes, monitoring app usage, and capturing desktop screenshots every few minutes, the tool collects detailed data on user activity. The exposed images included full-screen views of emails, confidential business documents, internal chats, login pages, and even sensitive credentials such as usernames, passwords, and API keys.

This real-time data exposure meant that threat actors could potentially observe business operations as they unfolded, posing a serious risk to corporate security.

Researchers who discovered the misconfiguration alerted WorkComposer promptly. Although the storage has since been secured, the corporation has not released an official comment about the breach. The leak could have easily been exploited for identity theft, phishing attacks, or corporate espionage, as the exposed screenshots provided direct access to the inner workings of businesses.

Beyond the immediate cyber risks, the incident also highlights significant concerns about the ethics of workplace surveillance. Employees using such tools have no control over what is captured—whether it be personal messages, private medical information, or sensitive projects. The scale of this breach has drawn attention to the growing unease around the use of employee monitoring apps and their potential to infringe on personal privacy.

There is likely to be regulatory scrutiny, particularly in light of strict data protection rules like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) of the European Union. Employers who used WorkComposer may now be subject to legal action and investigations for inadequately protecting employee data.

The WorkComposer breach is not an isolated incident.

A similar case involving another time-tracking tool, WebWork, previously exposed over 13 million screenshots. These recurring failures underscore the ongoing risks associated with employee monitoring apps and the widespread problem of misconfigured cloud storage. With studies suggesting that nearly a third of S3 buckets remain publicly accessible, experts stress the need for improved cybersecurity hygiene across all digital surveillance platforms.
