WeWork Developers Exposed Contracts and Customer Data on GitHub
The agreements contain phone numbers and addresses of individuals, and others have bank account information.
Rob Gurzeev, CEO and Co-Founder, CyCognito :
“Unfortunately, this kind of IT ecosystem risk isn’t unique to WeWork. In fact, IT and security teams often don’t even know if and where all of their organizations’ digital infrastructure and assets are, or whether they’re fully protected. That lack of visibility and awareness on the part of organizations leads attackers to target GitHub, along with many other cloud-based services and applications, looking for just those types of misconfigurations. This ‘awareness gap’ is called shadow risk, and it’s a major problem. Organizations need to expose their shadow risk by mapping and assessing their full attack surface.”