PeopleGrove Reports Exposure of Users' Sensitive Data After Security Lapse

The platform has over 20 million registered users.

PeopleGrove, a company that provides and hosts a social platform for higher education institutions and alumni networks, is currently investigating a security lapse that exposed users' personal information online, according to a report by TechCrunch.

CloudDefense cloud security researcher Anurag Sen discovered the issue and notified TechCrunch, stating that the company left the server hosting an internal database exposed to the internet without a password.

This allowed anyone to access the data using only a web browser and knowledge of its IP address. The server became inaccessible shortly after Sen's discovery.

Chatbot
Sean Gallup/Getty Images

Gigabytes of Data Exposed

The database in question contained gigabytes of personal information, including phone numbers, addresses, email addresses, details of university achievements and scores, and resumes containing detailed work histories and employment details.

Unfortunately, none of the exposed data was encrypted, making it vulnerable to unauthorized access, as per TechCrunch's report.

PeopleGrove's Chief Technology Officer Reilly Davis confirmed that the database was a development server and that an investigation was underway to determine what data was contained within it.

It is unclear why the internal database was accessible from the internet, or why the apparent test database contained real people's information.

TechCrunch said that it was able to confirm some of the exposed data by cross-referencing public records, social media profiles, and other career social networks like LinkedIn.

A user who claimed to have been a former U.S. intelligence officer had their top-secret security clearance details, personal email address, home address, and phone number exposed in their user record.

Another user whose information was part of the data breach confirmed to TechCrunch that their exposed information was accurate. However, they could not provide information about how the data was obtained or who obtained it.

25 Million User Logs

When the data breach was discovered, there were over 25 million user logs on the platform. According to PeopleGrove's website, the platform has over 20 million registered users.

Davis said that the company would notify affected users if their sensitive data had been exposed. He also stated that the company has implemented logging mechanisms in its Google Cloud environment to determine which data may have been accessed or exfiltrated.

The breach has raised concerns about data privacy and security, particularly in the higher education sector where personal information is often used for recruitment and alumni engagement.

The data breach on the platform is a significant issue for its users, particularly those who rely on it for education and career mentoring.

Byline
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics