1. Forum
  2. FidoNet Int
  3. consprcy

  • Top online mentor site US

    From Mike Powell@1:2320/105 to All on Wed Jan 21 09:40:41 2026
    Top online mentor site UStrive admits breach exposed data on children

    Date:
    Wed, 21 Jan 2026 13:40:00 +0000

    Description:
    An error in its website allowed anyone to view sensitive user data, including names and email addresses.

    FULL STORY

    UStrive, a US online mentoring company, was leaking sensitive information on hundreds of thousands of its users.

    Earlier this month, a security researcher who decided to remain anonymous reached out to TechCrunch , saying they discovered a flaw in UStrives website that allowed them to view personal information of other users.

    Since UStrive was using Amazon-hosted GraphQL, which is a query language for APIs that lets clients request exactly the data they need, the researcher was able to see the information in their browser tools while examining network traffic .

    Issue fixed

    The researcher claims that they were able to access sensitive data on 238,000 users, including full names, email addresses, phone numbers, as well as other user-provided data. It is also worth mentioning that, due to the nature of
    the service, many of its users are minors.

    TechCrunch reached out to UStrive directly and, after a little bit of back-and-forth, was informed that the leak was remedied. No other details
    were shared, so we dont know for how long the information remained
    accessible, or if anyone accessed it before - especially malicious actors.

    We also dont know how UStrive fixed the problem, or if it will notify the affected individuals of the mishap.

    A legal representative of the company told TechCrunch that it is currently in litigation with one of its former software engineers, which makes it somewhat limited in its ability to respond.

    Database misconfigurations remain one of the main causes of data leaks across the world. In a cloud environment, data security is a shared responsibility, meaning customers are obliged to use all available resources to make their
    data inaccessible to unauthorized third parties.

    This is often not the case, resulting in major data spills. These can, in
    turn, lead to financial damage, ruined reputation, loss of business and customers and, in some cases, class-action lawsuits.

    Via TechCrunch

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-online-mentor-site-ustrive-admits-b reach-exposed-data-on-children

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)