Time tracking app behind 21M+ screenshot data leak

The time tracking and employee monitoring app WorkComposer has exposed more than 21 million private screenshots of remote workers, as reported by Cybernews on April 24, 2025.
The screenshot data leak occurred due to an unprotected Amazon S3 bucket, a type of digital cloud-based folder, compromising the privacy and security of thousands of users worldwide.
The exposed screenshots included sensitive internal content such as emails, passwords, chats, client data, and business documentation. The leak has reignited debate over the ethics and risks of remote monitoring software.
How Did the Screenshot Data Leak Happen?
WorkComposer is an app that tracks work hours and logs user activity of remote workers. It captures screen images at regular intervals as part of its functionality.
The breach involved a cloud-based folder used to store sensitive screenshot image files. These screenshots were left exposed due to improper permission settings, meaning the images were accessible to the public with no authentication required.
What are the Implications for Time Tracking Software Users?
The leak raises concerns about security and the use of surveillance tools in the workplace. For employers, the risk is twofold: data privacy violations and loss of employee trust. The presence of sensitive business documents and identifiable user data in the leak could leave companies exposed to legal action under data protection laws.
Employees caught in the leak may be unaware that such granular tracking occurred in the first place. The exposure of private messages, password managers, and internal tools puts their digital identities and professional reputations at risk.
While monitoring tools such as WorkComposer are not illegal, failing to secure collected data is a major liability. Organizations that fail to conduct due diligence on third-party software may still find themselves liable for breaches they didn’t directly cause.
WorkComposer has not issued a public statement at the time of writing. While the unsecured bucket has since been taken offline, the duration of the exposure remains unknown.
A recurring issue
This is not the first incident of its kind. A similar breach discovered in June 2024 saw another monitoring software, WebWork, expose over 13 million screenshots. Despite previous warnings from the info-security community, security in monitoring applications continues to lag behind their widespread adoption.
How Remote Employees Can Protect Their Data?
If your company uses WorkComposer or a similar monitoring tool, and you suspect you were affected by a data leak, here’s what to do:
- Change all work-related passwords. Use a password manager to generate and store strong, unique passwords.
- Enable Multi-Factor Authentication (MFA) across your work accounts and platforms.
- Check if your credentials have been compromised using free sites like SurfShark.
- Notify your IT department or supervisor and request an internal investigation.
- Remain cautious of phishing emails or any strange activity.
What are the Lessons Learned?
The real lesson from this screenshot data leak isn’t about one company or one vulnerability, it’s a systemic failure to treat employee surveillance data with the seriousness it deserves. While monitoring tools may improve accountability, they should not come at the cost of digital safety.
Related Content:
Ways to Get Around Screenshot Monitoring
Employee Monitoring Evasion Tactics in the Age of Remote Work
How Far Can Employee Monitoring Go in the US?