Weak WeWork Wi-Fi network security leaves company records exposed

20 Sep 2019

Image: © mooshny/Stock.adobe.com

Security scans of WeWork networks have found that records of its member companies, including financial records, had been left exposed.

The “laughably weak” Wi-Fi security in WeWork buildings has reportedly left sensitive documents completely exposed.

Security scans of a WeWork building in the financial district of New York revealed system vulnerabilities that left the financial records and devices of companies working in the building out in the open.

According to a CNET report, a digital media company moved into the We Work building in May 2015. Teemu Airamo, the company’s founder, became concerned that his firm would get hacked when he noticed that other companies were visible on the network and were spilling out an “astronomical amount” of data.

Issues with We Work’s Wi-Fi security first came to light in August 2019 in a Fast Company report, which noted that the company “used the same weak password and dated Wi-Fi for years”, to the point that the password WeWork chose is allegedly one “that has regularly appeared on lists of the worst passwords that anyone can possibly choose”. The article described the security of its Wi-Fi as “laughably weak” and “downright dangerous”.

‘Assuming the safety and security of the services your vendor provides is dangerous and negligent’

Kelly White, CEO of RiskRecon, commented: “When businesses are outsourcing services to third parties, they often make assumptions about the safety and security of the services they are receiving.

“In the case of WeWork, hundreds of companies had operated on the WeWork network before one finally assessed the security of WeWork’s wireless network. Assuming the safety and security of the services your vendor provides is dangerous and negligent. It’s your risk. You can’t outsource it.”

When approached for comment, We Work has previously cited the required quiet period around its pending IPO, though the company recently revealed that it plans to delay going public amid a reportedly chilly and sceptical reception from investors.

The company has also noted that it offers its members optional additional security measures such as a private VLAN or private office network, both of which cost between $195 and $345 including the initial set-up fees.

Eva Short was a journalist at Silicon Republic