2 min read
WorkComposer breach leaks 21 million employee screenshots
Farah Amod
May 6, 2025 6:37:50 PM

Approximately 21 million employee screenshots were leaked in a massive breach of the surveillance tool WorkComposer, exposing sensitive workplace data.
What happened
Over 21 million screenshots from a workplace surveillance software called WorkComposer have been exposed in a data breach, revealing sensitive employee and corporate information. The leak was uncovered by Cybernews researchers, who found the images stored on an unsecured Amazon S3 bucket accessible to the public. WorkComposer, a productivity monitoring tool, is widely used by IT departments to oversee employee activity through features like keylogging and automated screen captures.
Going deeper
The leaked screenshots included full-screen images of emails, internal chats, and confidential business documents, putting thousands of employees and companies at risk of exposure. WorkComposer reportedly acted quickly to secure the data once informed, but the open access likely lasted long enough for malicious actors to view or download the content.
The breach could lead to violations of global privacy laws such as the European Union’s GDPR and California’s CCPA. Organizations that relied on the tool may face legal consequences for failing to protect employee data adequately. Beyond the legal implications, the leaked screenshots could lead to identity theft, credential compromise, and follow-up attacks on affected companies.
WorkComposer is used by more than 200,000 individuals across various organizations. While the platform is intended to enhance workplace productivity, its surveillance features, especially screenshot monitoring, raise serious ethical concerns about transparency and employee consent. The captured content may include not just work-related data but also personal information that is inadvertently swept up by the tool.
What was said
Although WorkComposer has not released a formal statement, Cybernews and Tom’s Guide both confirmed that the company was notified of the exposure and has since locked down public access. No official figures have been released on how many organizations or employees were directly impacted.
FAQs
What kind of companies typically use WorkComposer?
WorkComposer is commonly used by IT departments, outsourcing firms, and companies with remote or hybrid teams to monitor productivity and track employee activity.
Can affected employees take legal action?
Depending on local data protection laws, employees may have grounds to file complaints or legal claims if their personal data was exposed without proper consent or safeguards.
How can companies protect against similar breaches?
Organizations should audit third-party tools for security practices, enforce access controls, and avoid storing sensitive data on unsecured cloud services.
Are surveillance tools like WorkComposer legal?
Yes, but legality depends on jurisdiction. Some regions require employee consent and clear disclosure, especially under laws like GDPR and CCPA.
What are the ethical concerns with employee surveillance software?
Critics argue that these tools can violate privacy, erode trust, and capture non-work-related personal information, especially when monitoring is done without transparency.c