Lax WiFi Security At WeWork Leaves All Of Its Members Vulnerable To Cyberattacks
The hits just keep on coming for WeWork: Now even its WiFi is under scrutiny for poor oversight.
The coworking arm and central business of The We Company prides itself on digital connectivity, but its WiFi networks fail basic security standards of the internet for businesses, Fast Company and CNET report.
One of those failures may be its WiFi password, which may be the same across all of its locations, and which Fast Company said "regularly appeared on lists of the worst passwords that anyone can possibly choose." It also appears in plain text on WeWork's app for members.
Bisnow rents office space at six WeWork locations across the country and has visited several more, and like Fast Company and CNET, could not find an instance when the WiFi network had a different name or password. The password has been in use for at least four years in a Financial District location in New York, a WeWork member's employee told CNET.
In 2015, that employee noticed that he could easily see files and drives of other computers and devices in the workspace. He brought his concerns about the lack of security to the attention of WeWork staff, who responded with indifference, CNET reports.
The We Company declined to comment on whether the password is the same in every location, citing the quiet period before its initial public offering. A spokesperson responded with a general statement on its cybersecurity:
"WeWork takes the security and privacy of our members seriously and we are committed to protecting our members from digital and physical threats," the statement read. "In addition to our standard WeWork network, we offer members the option to elect various enhanced security features, such as a private VLAN, a private SSID or a dedicated end-to-end physical network stack."
The option for added security costs $195/month with a $250 setup fee, Fast Company reports. Without it, WeWork members connect to a WPA2 network, a setup common on home routers that allows anyone with the password to decrypt files from nearby computers, according to the Wi-Fi Alliance, the organization that sets industry WiFi standards.
If WeWork's networks were to become compromised, the damage could extend beyond its membership. Sensitive documents and private contracts between WeWork member companies and outside business partners are, in at least some cases, easily viewable within the local network, CNET reports.
The revelations about WeWork's security issues come as part of an avalanche of bad publicity that began when The We Company filed a prospectus for its initial public offering. Concerns ranged from the company's prodigious outflow of capital and opaque accounting to the eyebrow-raising behavior of co-founder and CEO Adam Neumann.
The We Company's most recent valuation as a private company was $47B earlier this year, driven by billions of dollars from Japanese investment firm SoftBank. As the company opened its books, potential public investors' reaction was so negative that the company reportedly planned to slash its valuation to less than $15B before the IPO was shelved indefinitely.