WeWork customers' confidential contract and bank account details left exposed on GitHub

The issue impacted a subset of WeWork customers based in Europe, India, and China

A GitHub repository has been found leaking confidential contracts and other data belonging to the customers of WeWork.

The leak was first spotted by Mossab Hussein, a security researcher at Dubai-based security firm SpiderSilk.

The issue affected a subset of WeWork customers based in Europe, India, and China, exposing their phone numbers, addresses and even their bank account details. The repository contained a script with URLs of hundreds of PDF files hosted on unprotected Amazon servers. These URLs were publically accessible without authentication.

Motherboard, to whom SpiderSilk disclosed the breach, said it downloaded more than 160 PDFs, which appeared to be contracts between WeWork and individual customers.

Additionally, Hussein also spotted a web portal related to WeWork in India exposing information on sales leads.

The GitHub repository was secured shortly after WeWork was informed. The Indian web portal domain was also quickly secured.

"WeWork was recently alerted to two personal GitHub pages with public settings that linked to certain company confidential information and another instance in which an affiliated company had posted information regarding sales leads in a manner that was not authorised," a WeWork spokesperson told Motherboard.

"We immediately initiated an investigation and took steps to limit access to the information," they added.

The news of WeWork data leak coincides with the lay-offs of thousands of employees at the company in order to cut costs amid ongoing losses.

Earlier this month, WeWork told shareholders that it lost approximately $1.3 billion in the third quarter alone.

The company was valued at $50 billion earlier this year, but was forced to scrap plans for an IPO in September. Its founder and CEO Adam Neumann was also forced out.

SoftBank, the largest investor in WeWork, also announced its decision last month to buy 80 per cent of the struggling company.