- Researcher found UStrive flaw that exposed sensitive data of 238,000 users, including minors
- The company claims the leak was fixed, but gave no details on duration or notices
- Database misconfigurations often cause leaks, leading to reputational, financial and legal consequences
UStrive, an American online mentoring company, leaked sensitive information about hundreds of thousands of its users.
Earlier this month, a security researcher who decided to remain anonymous reached out to TechCrunch and said they had discovered a bug in UStrive’s website that allowed them to view personal information about other users.
Because UStrive used Amazon-hosted GraphQL, a query language for APIs that lets clients request exactly the data they need, the researcher was able to see the information in their browser tools while examining the network traffic.
Problem solved
The researcher claims that they were able to access sensitive data on 238,000 users, including full names, email addresses, phone numbers, and other user-disclosed data. It is also worth mentioning that due to the nature of the service, many of its users are minors.
TechCrunch contacted UStrive directly and, after some back-and-forth, was informed that the leak had been “fixed.” No other details were shared, so we don’t know how long the information remained available or if anyone had access to it before — especially malicious actors.
We also do not know how UStrive resolved the issue or whether it will notify the affected individuals of the incident.
A legal representative for the company told TechCrunch that it is currently in a lawsuit with one of its former software engineers, making it “somewhat limited in its ability to respond.”
Database misconfigurations remain one of the main causes of data leaks worldwide. In a cloud environment, data security is a shared responsibility, meaning customers are required to use all available resources to make their data inaccessible to unauthorized third parties.
This is often not the case, resulting in large data leaks. These in turn can lead to financial damage, damaged reputations, loss of business and customers and in some cases class action lawsuits.
Via TechCrunch



