TZUTC: -0500
MSGID: 2025.consprcy@1:2320/105 2dd62352
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Top online mentor site UStrive admits breach exposed data on children

Date:
Wed, 21 Jan 2026 13:40:00 +0000

Description:
An error in its website allowed anyone to view sensitive user data, including
names and email addresses.

FULL STORY

UStrive, a US online mentoring company, was leaking sensitive information on
hundreds of thousands of its users. 

Earlier this month, a security researcher who decided to remain anonymous
reached out to TechCrunch , saying they discovered a flaw in UStrives website
that allowed them to view personal information of other users. 

Since UStrive was using Amazon-hosted GraphQL, which is a query language for
APIs that lets clients request exactly the data they need, the researcher was
able to see the information in their browser tools while examining network
traffic .

Issue fixed 

The researcher claims that they were able to access sensitive data on 238,000
users, including full names, email addresses, phone numbers, as well as other
user-provided data. It is also worth mentioning that, due to the nature of 
the service, many of its users are minors. 

TechCrunch reached out to UStrive directly and, after a little bit of
back-and-forth, was informed that the leak was remedied. No other details 
were shared, so we dont know for how long the information remained 
accessible, or if anyone accessed it before - especially malicious actors. 

We also dont know how UStrive fixed the problem, or if it will notify the
affected individuals of the mishap. 

A legal representative of the company told TechCrunch that it is currently in
litigation with one of its former software engineers, which makes it somewhat
limited in its ability to respond. 

Database misconfigurations remain one of the main causes of data leaks across
the world. In a cloud environment, data security is a shared responsibility,
meaning customers are obliged to use all available resources to make their
data inaccessible to unauthorized third parties. 

This is often not the case, resulting in major data spills. These can, in
turn, lead to financial damage, ruined reputation, loss of business and
customers and, in some cases, class-action lawsuits. 

 Via TechCrunch 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-online-mentor-site-ustrive-admits-b
reach-exposed-data-on-children

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426