GVM Technologies, operating as GradSmart, reportedly suffered a data breach after a misconfigured cloud MongoDB instance without an IP whitelist and containing plaintext credentials allowed unauthorized access. The actor claims over 2,000 student records were exfiltrated, including full names, contact details, passport numbers, test scores, visa statuses, and academic and employment histories. #GVMTechnologies #MongoDB
Keypoints
- A misconfigured MongoDB cloud database lacking an IP whitelist enabled unauthorized access.
- Plaintext credentials found in environment files were present in the exposed instance.
- The actor alleges more than 2,000 student records tied to study-abroad programs were exposed.
- Compromised data reportedly includes passport numbers (at least 205), dates of birth, contact details, test scores, visa statuses, and academic/employment history.
- The incident creates heightened privacy and identity theft risks for affected students and may require notification and remediation.
Read More: https://dailydarkweb.net/gvm-technologies-data-breach-exposes-student-passports/