A security researcher discovered an unsecured database containing the personal information of millions of users of a higher education social platform, PeopleGrove. The database was accessible to anyone with knowledge of its IP address and contained gigabytes of data, including email addresses, phone numbers, addresses, university achievements and scores, and resumes containing detailed work histories and employment details. Shockingly, none of the data was encrypted.

The researcher, Anurag Sen, immediately contacted TechCrunch, who notified PeopleGrove. The database became inaccessible soon after.

PeopleGrove's CTO, Reilly Davis, confirmed that the database was for their development servers and that most of the data was non-production test data. However, it's still unclear why the test database contained real people's information, and the company is currently investigating how and why the database became accessible from the internet.

TechCrunch verified the exposed data by matching contact information using public records, social media profiles, and career social networks like LinkedIn. Shockingly, some of the exposed information included details of a user's former top secret security clearance and personal contact information, including home address, personal email, and phone number.

At the time of discovery, the database had more than 25 million logs, while PeopleGrove's website claims to have more than 20 million users. PeopleGrove's CTO has promised to notify affected users "if we do find their sensitive data was exposed" and said that the company has implemented logging within its Google Cloud environment to determine what data may have been accessed or exfiltrated.

This incident highlights the importance of proper security measures when storing sensitive personal information. It also serves as a warning to companies to regularly check and monitor their databases for any vulnerabilities that could lead to data breaches.