What kind of data was exposed on UStrive?

UStrive exposed user data including full names, email addresses, and phone numbers.

Did UStrive notify users about the security incident?

UStrive has not yet stated whether they plan to inform users about the security lapse.

Why did UStrive have a security lapse?

The security lapse was due to a vulnerable GraphQL endpoint on UStrive's mentoring platform.

Home / Technology / UStrive Exposes Student Data in Security Flaw

UStrive Exposes Student Data in Security Flaw

21 Jan

•

Summary

Mentoring site UStrive had a security lapse exposing user data.
Exposed information included names, emails, and phone numbers.
The company is currently in litigation with a former engineer.

UStrive Exposes Student Data in Security Flaw

Online mentoring service UStrive has recently addressed a security vulnerability that compromised the personal data of its users. The exposed information encompassed full names, email addresses, phone numbers, and other details provided by students on the platform. This sensitive data was accessible to any logged-in user through the platform.

UStrive, formerly known as Strive for College, provides online mentorship to high school and college students. A security flaw, identified last week, allowed unauthorized access to user data via a vulnerable GraphQL endpoint hosted on Amazon. The extent of the exposure included an estimated 238,000 user records at the time of discovery.

In response to inquiries, UStrive's Chief Technology Officer confirmed the exposure had been remediated. However, the company has not stated whether users will be informed of the breach. UStrive is reportedly involved in ongoing litigation with a former software engineer, which may impact their communication regarding the incident.