TZUTC: -0500   
   MSGID: 2025.consprcy@1:2320/105 2dd62352   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Top online mentor site UStrive admits breach exposed data on children   
      
   Date:   
   Wed, 21 Jan 2026 13:40:00 +0000   
      
   Description:   
   An error in its website allowed anyone to view sensitive user data, including   
   names and email addresses.   
      
   FULL STORY   
      
   UStrive, a US online mentoring company, was leaking sensitive information on   
   hundreds of thousands of its users.    
      
   Earlier this month, a security researcher who decided to remain anonymous   
   reached out to TechCrunch , saying they discovered a flaw in UStrives website   
   that allowed them to view personal information of other users.    
      
   Since UStrive was using Amazon-hosted GraphQL, which is a query language for   
   APIs that lets clients request exactly the data they need, the researcher was   
   able to see the information in their browser tools while examining network   
   traffic .   
      
   Issue fixed    
      
   The researcher claims that they were able to access sensitive data on 238,000   
   users, including full names, email addresses, phone numbers, as well as other   
   user-provided data. It is also worth mentioning that, due to the nature of    
   the service, many of its users are minors.    
      
   TechCrunch reached out to UStrive directly and, after a little bit of   
   back-and-forth, was informed that the leak was remedied. No other details    
   were shared, so we dont know for how long the information remained    
   accessible, or if anyone accessed it before - especially malicious actors.    
      
   We also dont know how UStrive fixed the problem, or if it will notify the   
   affected individuals of the mishap.    
      
   A legal representative of the company told TechCrunch that it is currently in   
   litigation with one of its former software engineers, which makes it somewhat   
   limited in its ability to respond.    
      
   Database misconfigurations remain one of the main causes of data leaks across   
   the world. In a cloud environment, data security is a shared responsibility,   
   meaning customers are obliged to use all available resources to make their   
   data inaccessible to unauthorized third parties.    
      
   This is often not the case, resulting in major data spills. These can, in   
   turn, lead to financial damage, ruined reputation, loss of business and   
   customers and, in some cases, class-action lawsuits.    
      
    Via TechCrunch    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/top-online-mentor-site-ustrive-admits-b   
   reach-exposed-data-on-children   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426