- A researcher found a flaw in UStrive that exposed sensitive data of 238,000 users, including minors.
- The company claims the breach has been fixed but did not provide details on the duration or notifications.
- Database misconfigurations often cause breaches, which have legal, financial, and reputational consequences.
UStrive, an American online tutoring company, was leaking sensitive information about hundreds of thousands of its users.
Earlier this month, a security researcher who chose to remain anonymous approached TechCrunch, saying they had discovered a flaw on the UStrive website that allowed them to view other users’ personal information.
Because UStrive used Amazon-hosted GraphQL, which is a query language for APIs that allows clients to request exactly the data they need, the researcher was able to see the information in their browser tools while examining network traffic.
Problem solved
The researcher claims that they were able to access sensitive data of 238,000 users, including full names, email addresses, phone numbers, and other data provided by users. It is also worth mentioning that, due to the nature of the service, many of its users are minors.
TechCrunch reached out to UStrive directly and, after some back and forth, was informed that the leak had been “remedied.” No other details were shared, so we don’t know how long the information remained accessible, or whether anyone, especially malicious actors, accessed it beforehand.
We also don’t know how UStrive fixed the problem or if it will notify affected people of the mishap.
A legal representative for the company told TechCrunch that it is currently in litigation with one of its former software engineers, making it “somewhat limited in its ability to respond.”
Database misconfigurations remain one of the leading causes of data leaks worldwide. In a cloud environment, data security is a shared responsibility, meaning that customers are required to use all available resources to make their data inaccessible to unauthorized third parties.
This is often not the case, leading to major data leaks. This, in turn, can lead to financial damage, ruined reputation, loss of business and customers, and in some cases, class action lawsuits.
Via TechCrunch




