Higher education institutions have embraced online platforms to facilitate communication and collaboration among students, faculty, and alumni. However, with convenience comes risk, and this risk has been starkly highlighted by a recent discovery made by CloudDefense.AI.
The Unsecured Database: How Did It Happen?
An unsecured database containing personal information of millions of users of a higher education social platform was recently discovered by a security researcher. The social platform, formerly known as CampusKudos and now called PeopleGrove, left an internal database exposed to the internet without a password, allowing anyone with knowledge of its IP address to access the data using a web browser.
The exposed database contained gigabytes of personal information, including email addresses, phone numbers, addresses, details of university achievements and scores, and resumes containing detailed work histories and employment details. Shockingly, none of the exposed data was encrypted, making it easy for anyone to access and steal sensitive personal information.
CloudDefense.AI’s Discovery and Response
CloudDefense.AI security researcher, Anurag Sen, discovered the database on Thursday and immediately contacted TechCrunch, who then notified PeopleGrove. The server hosting the database became inaccessible soon after.
PeopleGrove’s Chief Technology Officer, Reilly Davis, confirmed that the database was for their development servers and that most of the data was non-production test data. However, it’s still unclear why the test database contained real people’s information, and the company is currently investigating how and why the database became accessible from the internet.
TechCrunch verified the exposed data by matching contact information using public records, social media profiles, and career social networks like LinkedIn. Shockingly, some of the exposed information included details of a user’s former top secret security clearance and personal contact information, including home address, personal email, and phone number.
PeopleGrove’s Website Claim
At the time of discovery, the database had more than 25 million logs, while PeopleGrove’s website claims to have more than 20 million users. PeopleGrove’s CTO, Davis, has promised to notify affected users “if we do find their sensitive data was exposed” and said that the company has implemented logging within its Google Cloud environment to determine what data may have been accessed or exfiltrated.
This recent incident highlights the importance of proper security measures when storing sensitive personal information. It also serves as a warning to companies to regularly check and monitor their databases for any vulnerabilities that could lead to data breaches.
What should I do if I am a user of the affected Higher Education Social Platform?
If you are a user of the affected platform, it is essential to change your passwords immediately, monitor your financial accounts, and be cautious of phishing attempts.
How can I protect my personal data online?
To protect your personal data, use strong, unique passwords for each online account, enable two-factor authentication, and regularly update your security settings.
The unsecured database discovery by CloudDefense.AI serves as a stark reminder of the vulnerabilities in our digital world. Data security is not an option but a necessity. It underscores the need for companies to regularly audit and monitor their databases for vulnerabilities that could potentially lead to devastating data breaches. As we navigate an increasingly interconnected digital landscape, safeguarding personal data must remain a paramount priority for all organizations.