The personal information of 50,000 Australian university students may have been exposed by Get, following a data breach.
The mobile app, Get, allows university clubs and societies to sell tickets to balls, off-campus social occasions and events.
However as of recently, it has been discovered that the personal details of students who have purchased tickets through the app within the last two years may have been exposed.
No financial information is stored by Get, however contact information including names, phone numbers and email addresses may have been exposed.
The breach was first exposed in September by an anonymous Reddit user, who after a quick search on the website revealed the personal data of over 200,000 users dating back more than a year.
“I was looking for something relating to the society I’m in when I discovered an extensive list of all the people that were part of that society, which seemed a bit strange,” said the anonymous user
“When I deep-dived, I discovered things like full names, email addresses, home addresses and date of births were publicly available to anyone who used the site.”
Soon after the discovery, Get secured its system and the President of Sydney University’s Science Society Thomas Williams, was notified by QPay, a competitor.
Williams said: “Given the circumstances and the scope of it, it is very alarming to think about the extent to which student information has been exposed.”
The CEO of Get, Daniel Liang sent a statement to presidents of societies impacted by the breach, and the president of Sydney University’s Media and Communications Society Michelle Dang.
According to a spokesman from the Office of the Australian Information Commissioner (OAIC), Get had complied with Australian privacy laws.
The post #Privacy: Sydney-based tech start-up exposes data of 50K students appeared first on PrivSec Report.