A recently fixed security flaw on the mentorship platform UStrive exposed personal information belonging to its users, including minors, according to a report by TechCrunch. The issue, which has now been resolved, made some user data accessible without proper authorization.
TL;DR
- TechCrunch found that a vulnerability on UStrive’s website exposed personal user information.
- The exposed details reportedly included names, email addresses, and birthdates.
- Some of the affected accounts belonged to students under 18 years old.
- UStrive fixed the flaw after being contacted by TechCrunch.
- No evidence suggests that messages, passwords, or sensitive communications were exposed.
According to TechCrunch, the issue was brought to the publication’s attention by an anonymous individual who discovered that certain user data on UStrive’s website could be accessed without logging in. TechCrunch independently verified that the exposed information included names, email addresses, and dates of birth linked to both students and mentors registered on the platform.
UStrive, which connects students with volunteer mentors to help guide their academic and career goals, acknowledged the problem and quickly resolved it after being notified.
“We take privacy and security extremely seriously and appreciate TechCrunch bringing this to our attention,” a UStrive spokesperson told the publication. “The issue was promptly addressed, and we have confirmed that our systems are now secure.”
While the exposed data did not include sensitive fields such as passwords, private messages, or financial details, the presence of personally identifiable information belonging to minors raises potential privacy concerns under U.S. child data protection laws, such as the Children’s Online Privacy Protection Act (COPPA).
TechCrunch reported that it was unclear whether anyone other than the anonymous tipster had accessed the exposed data before it was secured. The publication also noted that UStrive has not publicly stated whether affected users have been notified or if the company plans to file any formal regulatory disclosures regarding the incident.
Topics For More Insights
Founded in 2013, UStrive offers free online mentoring to students aged 13 to 24, aiming to expand access to educational and career opportunities. The company says it has helped over 100,000 students since its launch.
The exposure underscores the challenges education-focused and mentorship platforms face in securing user information, particularly when young users are involved. Privacy advocates say that even brief lapses in access control can carry significant implications when minors’ personal data is at risk.
As of the time of TechCrunch’s reporting, the vulnerability had been fixed, and no misuse of the data has been confirmed.
Join The Discussion