Study abroad platform Leverage Edu denies data breach although students data is public
Take action: File storage access misconfiguration is one of the easiest mistakes to make. Be very mindful of access permissions on file shares. Also, don't play the fool if you have had an exposed file storage. The data was exposed and a data breach is proper to be reported.
Learn More
Leverage Edu, a prominent study abroad platform in India, is reported to have had a temporary exposure of approximately 240,000 sensitive files, including student passports, financial documents, certificates.
An independent cybersecurity research publication, discovered a publicly accessible Amazon S3 bucket, which stored a multitude of zip folders containing student data such as degree certificates, report cards, CVs, application forms, bank statements, passport photos, and loan documents.
Although Leverage Edu denies any breach or data leak to be abused by malicious parties, the incident raises concerns of proper discipline in data security. Leverage Edu asserts that the exposed link was created by third-party bank partners during the migration process to a more secure system, and they have since completed the migration to safeguard student data.
