238,000 Records Exposed: The UStrive Data Security Lapse Crisis
UStrive, an online mentoring platform, recently fixed a security lapse that exposed over 238,000 student records, including names and phone numbers, through a vulnerable GraphQL endpoint.
A platform built to guide the next generation just left their digital front door wide open. UStrive, a non-profit mentoring site for students, recently patched a security flaw that exposed the personal data of hundreds of thousands of users. This wasn't a sophisticated hack; it was a fundamental failure that allowed any logged-in user to see the private details of others.
Inside the UStrive Data Security Lapse
According to reports from TechCrunch, the flaw was in an Amazon-hosted GraphQL endpoint. By simply monitoring network traffic while browsing the site, anyone with an account could access reams of non-public data. At least 238,000 user records were confirmed to be at risk during the discovery phase.
- Full names, email addresses, and phone numbers were fully visible.
- Sensitive demographics like gender and date of birth were leaked for many students.
- The platform claims to serve over 1.1 million students, making the potential scale even larger.
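The pattern described above, where being logged in was enough to read another user's record, is an authentication check without an object-level authorization check. As an added example (not UStrive's code; the sample records, field names and the rule that only the user or their matched mentor may see private fields are assumptions), here is a resolver that only authenticates next to one that also authorizes per object:

```javascript
// Added illustration: every name here (users, mentorId, resolvers) is hypothetical.
const users = new Map([ // constructed sample records
  ["u1", { id: "u1", name: "Student A", email: "a@example.org",
           phone: "555-0101", dob: "2007-03-01", mentorId: "u3" }],
  ["u2", { id: "u2", name: "Student B", email: "b@example.org",
           phone: "555-0102", dob: "2006-11-20", mentorId: null }],
  ["u3", { id: "u3", name: "Mentor C", email: "c@example.org",
           phone: "555-0103", dob: "1988-05-05", mentorId: null }],
]);

// Fields any logged-in user may see about any other user (assumed policy).
const PUBLIC_FIELDS = ["id", "name"];

// Weak: authentication only. Any logged-in caller receives the full record.
function userAuthnOnly(_parent, { id }, ctx) {
  if (!ctx.viewerId) throw new Error("UNAUTHENTICATED");
  return users.get(id) ?? null;
}

// Object-level rule: the user themselves or their matched mentor (assumed policy).
function canViewPrivate(viewerId, target) {
  return viewerId === target.id || viewerId === target.mentorId;
}

// Hardened: authenticate, authorize against the requested object,
// and return only the allow-listed fields when the caller is not entitled.
function userAuthorized(_parent, { id }, ctx) {
  if (!ctx.viewerId) throw new Error("UNAUTHENTICATED");
  const target = users.get(id);
  if (!target) return null;
  if (canViewPrivate(ctx.viewerId, target)) return { ...target };
  return Object.fromEntries(PUBLIC_FIELDS.map((f) => [f, target[f]]));
}
```

The check runs on the server against the identity in the request context, so it holds no matter which fields the client asks for.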
Silence and Legal Shields
The company's reaction has been tight-lipped. UStrive's attorney stated they're currently in litigation with a former software engineer, which has limited their ability to respond. While CTO Dwamian Mcleish confirmed the issue has been "remediated," the non-profit hasn't committed to notifying the affected parents and students. It's still unclear if any malicious actors exploited the flaw before it was fixed.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.