Massive Data Breach Exposes University Student’s Passports
Leverage EDU, a well-known platform for university admissions, exposed about 240,000 private documents, including student passports, financial records, credentials, and exam scores.
Due to improper system configuration, Leverage EDU exposed incredibly sensitive data, as was found by the Cybernews research team. Anyone could access all of the student’s personal information needed to submit an application to universities because no verification was necessary.
When a student wants to enroll in a program overseas, Leverage EDU serves as a one-stop admissions platform. It asserts to have an international network of more than 650 educational institutions and 80 million users as of the previous year.
The business, which has locations all throughout India, has quadrupled its staff since the outbreak and received $22 million in capital from foreign investors. It maintains offices in Australia and the UK.
After contacting the business, access to user data was secured. The business assured journalists that the issue had been resolved. The business told journalists that the issue had been resolved and that an examination of their systems had begun.
The Cybernews research team identified an Amazon S3 bucket that was misconfigured and opened to the public on January 31.
The bucket held numerous zip folders with over 240,000 files that exposed sensitive information and personally identifiable information (PII) on potential pupils.
Degree certificates, student report cards, exam results, CVs, filled-out application forms, phone numbers, emails, and home addresses were among the material that was released.
The researchers noticed numerous personal identification documents, including passport photos belonging to students and their parents, which is a cause for serious concern.
The open bucket also revealed user financial data, such as paystubs, bank statements, student loan paperwork, proof of identity for loan co-signers, and loan documentation.
The compromised personal information may have been used maliciously to commit fraud and identity theft. A data breach of this kind gives thieves the chance to design spear-phishing attacks and target people more precisely, putting their financial and other accounts at danger.
This all could have caused major concerns to the organizations there should be proper steps and cautions taken place in order to avoid such mishap.
Our Readers ALSO READThe Psychology of Phishing