A WeWork tenant found its weak WiFi security exposed bank details, driving licenses, and a virtual birthday card featuring Nicholas Cage as a cat
Jackal Pan via Reuters
- A WeWork tenant working out of a Manhattan WeWork building was easily able to view hundreds of sensitive documents belonging to other companies in the building thanks to poor WiFi safeguards, CNET reports.
- Teemu Airamo brought this to the attention of the company in 2015, but the WeWork representative he told "denied flat out that this was a problem."
- The problem has not gone away in four years, as Airamo regularly scans the building's WiFi and finds he can view files including driving licenses, bank account details, and in one case a birthday card containing an image of Nicolas Cage's face superimposed onto a cat.
- Visit Business Insider's homepage for more stories.
WeWork's WiFi security is so shoddy that it has been exposing tenants' sensitive data for years, a new report from CNET shows.
CNET spoke to Teemu Airamo, who started working in a WeWork office in 2015 with his digital media company.
Airamo wanted to check how secure WeWork's WiFi was, and found immediately that he was able to view hundreds of sensitive documents belonging to other companies in the building. Airamo alerted WeWork's community manager to the problem, only to find they already knew about it.
"The first initial community manager in 2015 completely denied flat out that this was a problem," Airamo told CNET.
Airamo has remained in the building for four years and routinely runs WiFi scans to see if WeWork's network has improved. According to CNET, he has been able to view scans of people's driver's licenses, passports, private emails, bank account usernames and passwords, and even health records. Less sensitive data was also visible to Airamo, including a birthday card containing an image of Nicolas Cage's face superimposed onto a cat.
WeWork's weak WiFi was first exposed in a Fast Company report from August, which pointed out that many WeWork locations share the same easily-guessable passwords. WeWork said in the Fast Company piece that it was planning to roll out a new layer of security technology called 802.1x - which would verify users' identity - in the first quarter of 2020.
CNET's report comes at a delicate time for WeWork, as its highly publicized IPO has reportedly been delayed. In its S-1 paperwork, WeWork said that it has 527,000 members, i.e. businesses and freelancers that use its offices.
"WeWork takes the security and privacy of our members seriously and we are committed to protecting our members from digital and physical threats," a WeWork spokeswoman told Business Insider in a statement.
"In addition to our standard WeWork network, we offer members the option to elect various enhanced security features, such as a private VLAN, a private SSID, or a dedicated end-to-end physical network stack," she added.
As noted by CNET, these additional security measures don't come included in a WeWork membership. The private VLAN costs $95 per month with a $250 set-up fee while a private office network costs $195 a month, according to WeWork's website.