A security flaw allowed users of Queer Chart, a startup founded by Stanford students to link members of the campus queer community, to access personal data.
Including all users’ names, profile pictures, email addresses, dates of birth, pronouns, schools and anonymous IDs.
The founders said they secured “private data” within five hours of learning of its existence.
They also stated that their team worked to address the data leak after FoHo reporters met with them about it.
Source: https://stanforddaily.com/2019/11/19/queer-chart-startup-exposes-student-data/
TPRM report: https://scoringcyber.rankiteo.com/company/queerchart
"id": "que181523",
"linkid": "queerchart",
"type": "Data Leak",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Social Networking',
'location': 'Stanford University',
'name': 'Queer Chart',
'type': 'Startup'}],
'attack_vector': 'Security Flaw',
'data_breach': {'personally_identifiable_information': ['names',
'email addresses',
'dates of birth'],
'type_of_data_compromised': ['names',
'profile pictures',
'email addresses',
'dates of birth',
'pronouns',
'schools',
'anonymous IDs']},
'description': 'A security flaw allowed users of Queer Chart, a startup '
'founded by Stanford students to link members of the campus '
'queer community, to access personal data including all users’ '
'names, profile pictures, email addresses, dates of birth, '
'pronouns, schools and anonymous IDs.',
'impact': {'data_compromised': ['names',
'profile pictures',
'email addresses',
'dates of birth',
'pronouns',
'schools',
'anonymous IDs']},
'response': {'containment_measures': 'Secured private data within five hours '
'of learning of its existence',
'remediation_measures': 'Addressed the data leak after reporters '
'met with them'},
'title': 'Data Leak at Queer Chart',
'type': 'Data Leak',
'vulnerability_exploited': 'Unspecified security flaw'}