Around 50,000 students in Australia who are using Get, an events-scheduling application, may have had their private data exposed online. It’s said the potential breach affected students involved in University communities and clubs in Australia.
Get, with an active user-base of 159,000 students and 453 clubs, aids student societies in facilitating payments for events and merchandise.
The issue came into light after a user reported that he’s able to access other users’ information, including name, date of birth, email addresses, Facebook ID details, and phone numbers.
“I came across Get (https://useget.com) after a society advertised their memberships on the platform at my campus. Using their search function on their website, I searched for the society. I mis-typed the society name, and instead got results of a list of people who had similar names. I was intrigued, and wondered if I could search for a specific person. I typed in a friend’s name, and surely enough, their name appeared alongside a list of societies they followed. It seemed a bit strange that I could find people who I didn’t know, and discover their interests,” the user said in a post.
Following this, Get announced that it fixed the flaw and notified about the breach to all its users. It also clarified that an investigation is ongoing to discover which data was exposed in the incident.
“Get is continuing its investigations into the alleged data breach. We are working continuously to undertake a comprehensive response to this matter, which we are taking with the utmost seriousness. In this regard, Get is engaging appropriate external professional services to ensure its actions are thorough and fully appropriate to the circumstances at hand. Get will fully comply with relevant regulatory and law enforcement obligations and associated agencies. In the meantime, users of our platform should, as always, remain wary of any unusual phone calls, text messages or emails,” Get said in a statement.