- A researcher discovered a UStrive breach exposing the sensitive data of 238,000 users, including minors.
- The company says the leak has been fixed but gave no details on duration or notifications.
- Database misconfigurations often cause leaks, leading to reputational, financial and legal consequences.
UStrive, an American online mentoring company, leaked sensitive information about hundreds of thousands of its users.
Earlier this month, a security researcher who decided to remain anonymous contacted TechCrunch, claiming to have discovered a flaw in UStrive’s website that allowed them to view other users’ personal information.
Because UStrive used Amazon-hosted GraphQL, a query language for APIs that allows clients to request exactly the data they need, the researcher was able to see the information in their browser tools while examining network traffic.
Problem solved
The researcher claims to have been able to access the sensitive data of 238,000 users, including full names, email addresses, phone numbers, and other data provided by users. It is also worth mentioning that due to the nature of the service, many of its users are minors.
TechCrunch contacted UStrive directly and, after some back and forth, was informed that the leak was “fixed.” No further details were shared, so we don’t know how long the information remained accessible, or if anyone accessed it before – particularly bad actors.
We also don’t know how UStrive resolved the issue, or if it will notify affected people of the incident.
A legal representative for the company told TechCrunch that it is currently in litigation with one of its former software engineers, making it “somewhat limited in its ability to respond.”
Database misconfigurations remain one of the leading causes of data leaks worldwide. In a cloud environment, data security is a shared responsibility, meaning customers are obligated to use all available resources to make their data inaccessible to unauthorized third parties.
This is often not the case, leading to significant data leaks. These can, in turn, lead to financial damage, a ruined reputation, loss of business and customers and, in some cases, class action lawsuits.
Via TechCrunch




