The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn't commit to alerting affected individuals.

TechCrunch (TC) is a leading technology news and media site that covers the latest trends, startups, and innovations in the tech industry. With breaking news,  analysis, and expert commentary, TechCrunch provides  insights into the world of technology and entrepreneurship. Developers can learn about emerging technologies, funding opportunities, and market trends by following TechCrunch's coverage of the tech industry.

TechCrunch

UStrive, an online mentoring platform for students, exposed personal data of at least 238,000 users through a vulnerable GraphQL endpoint. The security flaw allowed any logged-in user to access full names, email addresses, phone numbers, dates of birth, and other private information by examining network traffic. The nonprofit fixed the issue after TechCrunch's notification but declined to commit to alerting affected users, citing ongoing litigation with a former software engineer.

UStrive security lapse exposed personal data of its users, including children