Employee monitoring app exposes 21M work screens

workcomposer data leak — Image by Cybernews

A surveillance tool meant to keep tabs on employees is leaking millions of real-time screenshots onto the open web.

Your boss watching your screen isn't the end of the story. Everyone else might be watching, too. Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies.

The app, designed to track productivity by logging activity and snapping regular screenshots of employees’ screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame.

The leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide.

Cybernews contacted the company, and access has now been secured. An official comment has yet to be received.

Why leaking screenshots matter

Emails, documents, and projects meant for internal eyes only are now fair game for anyone with an internet connection.
Usernames and passwords visible in screenshots can lead to hijacked accounts and deeper breaches of businesses worldwide.
Companies using WorkComposer may now be staring down the barrel of European General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) violations and other legal nightmares.

Time-tracking tools are leaking data

WorkComposer is one of many time-tracking tools that have crept into modern work culture. Marketed as a way to keep teams “accountable,” the software logs keystrokes, tracks how long you spend on each app, and snaps desktop screenshots every few minutes.

The leak shows just how dangerous this setup becomes when basic security hygiene is ignored. A leak of this magnitude turns everyday work activity into a goldmine for cybercriminals.

Screenshots that capture login pages, email inboxes, internal messaging platforms, and financial documents offer a window into the inner workings of companies and their employees.

A single exposed screenshot showing a visible password, API key, or sensitive conversation can lead to credential theft, phishing attacks, or even corporate espionage.

The leak's real-time nature only amplifies the danger, as threat actors could monitor unfolding business operations as they happen, giving them access to otherwise locked-down environments.

Beyond immediate cybersecurity risks, there's also a deep privacy violation at play. Time-tracking tools already sit in murky ethical territory, capturing minute-by-minute snapshots of a worker's digital behavior under the banner of productivity.

Workers have no control over what ends up in those screenshots – be it a personal email, a medical appointment, or a confidential project. With millions of images floating publicly, it's not just corporate data that’s vulnerable – it’s people.

As troubling as this is, it’s far from the first time time-tracking apps have spilled workers’ digital lives all over the internet.

In a previous Cybernews investigation, WebWork, a tracker pitched at remote teams, was found to have leaked over 13 million screenshots, packed with emails, passwords, and other private scraps of people’s workdays.