UStrive, an online mentoring platform, recently experienced a security lapse that exposed the personal information of its users, including minors. The breach allowed any logged-in user to access sensitive data such as full names, email addresses, phone numbers, and other non-public details.
According to a report by TechCrunch, the security flaw was identified by an anonymous source who discovered that user data could be accessed by examining network traffic. The breach was attributed to a vulnerable Amazon-hosted GraphQL endpoint, providing unauthorized access to a significant number of user records. The exposed information varied from user to user, with some records containing additional details like gender and date of birth.
UStrive, formerly known as Strive for College, offers mentorship services to high school and college students through its platform. Despite fixing the issue, the nonprofit has not confirmed if affected individuals will be notified about the breach. This incident raises concerns about data privacy and security measures on online educational platforms that handle sensitive information, especially for minors.
Following TechCrunch’s notification, UStrive’s legal representation mentioned ongoing litigation with a former software engineer, limiting the organization’s response capabilities. The exposure of private user data underscores the importance of robust cybersecurity protocols for organizations handling sensitive information.
Source: TechCrunch