A shared user account used by WeWork employees to access printer settings and print jobs had such an incredibly simple password that a customer guessed it, according to TechCrunch. WeWork customers normally have an assigned seven-digit username and a four-digit passcode used for printing documents at WeWork locations. But the username for the account used by WeWork employees was just four-digits: “9999” – and the password was the same as the username. The “9999” account is used by and shared among WeWork community managers, who oversee day-to-day operations at each location, to print documents for visitors who don’t have accounts to print on their own. The account cannot be used to access print jobs sent to other customer accounts. While this shared account could not see the contents of documents beyond file names, logging into the WeWork printing web portal could allow users to release other people’s pending print jobs sent to the “9999” account to any other WeWork printer on the network.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
November 2, 2020 3:48 pm

Such poor password practice simply highlights the fact that many people still wrongly favor convenience over security. Using short, guessable passwords shines a light on the lack of awareness amongst both individuals and organisations: either people do not care about their cybersecurity or they do not fully understand the risks involved. By not forcing users to choose stronger passwords or implementing processes like two-factor authentication, organisations place data and systems in jeopardy if an attack were to occur. Simple attacks still make up a huge portion of cyberattacks and must not be overlooked.

Last edited 1 year ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x