A security lapse on PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details and passport images of student-athletes. The exposed database contained 3,154,239 records and was not secured with a password or any form of encryption. Sensitive information such as names, phone numbers, email addresses, home addresses, and passport information of student-athletes was exposed. The database also contained contact details for parents and coaches, as well as unprotected computer files with student athletes’ passport image links. Additionally, a folder labelled 'mail cache' holding 10 gigabytes of email messages spanning from 2017 to 2025 was found, containing personalized web links to publicly accessible pages displaying names, birth dates, email addresses, home addresses, and compensation details.
Source: https://hackread.com/prephero-database-exposed-students-coaches-data/
TPRM report: https://scoringcyber.rankiteo.com/company/prephero
"id": "pre552051425",
"linkid": "prephero",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"