PeopleGrove, a company that provides and hosts a social platform for higher education institutions and alumni networks, is currently investigating a security lapse that exposed users' personal information online, according to a report by TechCrunch

CloudDefense cloud security researcher Anurag Sen discovered the issue and notified TechCrunch, stating that the company left the server hosting an internal database exposed to the internet without a password.

This allowed anyone to access the data using only a web browser and knowledge of its IP address. The server became inaccessible shortly after Sen's discovery.

2020 Saw Sharp Rise In Global Cybercrime
(Photo : Sean Gallup/Getty Images)
BERLIN, GERMANY - JANUARY 25: In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic.

Gigabytes of Data Exposed

The database in question contained gigabytes of personal information, including phone numbers, addresses, email addresses, details of university achievements and scores, and resumes containing detailed work histories and employment details. 

Unfortunately, none of the exposed data was encrypted, making it vulnerable to unauthorized access, as per TechCrunch's report.

PeopleGrove's Chief Technology Officer Reilly Davis confirmed that the database was a development server and that an investigation was underway to determine what data was contained within it. 

It is unclear why the internal database was accessible from the internet, or why the apparent test database contained real people's information.

TechCrunch said that it was able to confirm some of the exposed data by cross-referencing public records, social media profiles, and other career social networks like LinkedIn. 

A user who claimed to have been a former U.S. intelligence officer had their top-secret security clearance details, personal email address, home address, and phone number exposed in their user record.

Another user whose information was part of the data breach confirmed to TechCrunch that their exposed information was accurate. However, they could not provide information about how the data was obtained or who obtained it.

Read Also: North Korean State-Sponsored Hackers Have Been Attacking Healthcare Providers Since 2021 - US Authorities Warn 

25 Million User Logs

When the data breach was discovered, there were over 25 million user logs on the platform. According to PeopleGrove's website, the platform has over 20 million registered users. 

Davis said that the company would notify affected users if their sensitive data had been exposed. He also stated that the company has implemented logging mechanisms in its Google Cloud environment to determine which data may have been accessed or exfiltrated. 

The breach has raised concerns about data privacy and security, particularly in the higher education sector where personal information is often used for recruitment and alumni engagement.  

The data breach on the platform is a significant issue for its users, particularly those who rely on it for education and career mentoring. 

Related Article: FBI: Beware of Deepfakes, Tech Jobs Interviews May Contain Stolen Information and Deceive Public 

Byline

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion