A shared user account used by WeWork Employees who had access to printer settings and jobs had an incredibly simple password – so simple a customer would have guessed it.
Jake Elsley, who works at a WeWork in London, said he found the user account after a WeWork employee at his location accidentally logged in the account.
WeWork customers like Elsley typically have a seven-digit username and four-digit passcode that is used to print documents at WeWork locations. However, the username for the account used by WeWork employees was only four digits: "9999". Elsley told TechCrunch that he guessed the password because it was the same as the username. ("9999" is classified as one of the most commonly used passwords, making it very insecure.)
Read more about Extra Crunch
The "9999" account is used and shared by WeWork community managers who oversee day-to-day operations at each location to print documents for visitors who do not have their own accounts to print. The account cannot be used to access print jobs sent to other customer accounts.
Elsley said that the "9999" account could not see the contents of documents beyond file names, but that logging into the WeWork print web portal could allow them to forward other people's pending print jobs sent to the "9999" account other WeWork employees forward printers on the network.
Elsley says the print web portal can only be accessed on WeWork's Wi-Fi networks. However, that includes the free guest Wi-Fi network that has no password and WeWork's main Wi-Fi network, which continues to use a password, has been widely used on the internet.
Elsley reached out to TechCrunch and asked us to alert the company to the insecure password.
"WeWork is committed to protecting the privacy and security of our members and employees," said WeWork spokesman Colin Hart. “We immediately initiated an investigation into this potential issue and took steps to address any concerns. We are also nearing the end of a multi-month process of upgrading all of our printing capabilities to a world-class security and experience solution. We expect this process to be completed in the coming weeks. "
WeWork confirmed that the password for the "9999" user account has now been changed.