PrepHero-Linked Database Exposed Data of 3M Students and Coaches

A data lapse at PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details and passport images of student-athletes.

A massive amount of personal information belonging to over 3 million individuals, including young athletes hoping for college scholarships and their coaches, was recently found unprotected online. vpnMentor’s cybersecurity researcher Jeremiah Fowler discovered this exposed database and reported it on May 12, 2025.

Based on the information in the database, it belonged to a Chicago-based company called PrepHero, operated by EXACT Sports. For your information, PrepHero helps high school athletes create recruiting profiles for college sports programs and facilitates direct communication between athletes and coaches at renowned universities, aiming to secure sports scholarships.

According to Fowler’s investigation, shared with Hackread.com, this database contained a staggering 3,154,239 records (totalling about 135 gigabytes) and was not secured with a password or any form of encryption.

Fowler’s first checks revealed sensitive information about student-athletes, including names, phone numbers, email addresses, home addresses, and passport information. The database also contained contact details for parents and coaches, as well as unprotected computer files with student athletes’ passport image links.

Source: vpnMentor

Adding to the severity of the exposure, the database contained a folder labelled “mail cache” holding 10 gigabytes of email messages spanning from 2017 to 2025. The files contained personalized web links to publicly accessible pages displaying names, birth dates, email addresses, home addresses, and payment details.

Some emails also included temporary passwords, posing further privacy risks. Audio recordings of coaches stating their names, colleges, and evaluations of student athletes’ strengths and weaknesses were also found.

Fowler promptly disclosed this finding to PrepHero, which quickly secured the database, preventing further public access. While the exposed records have been linked to PrepHero, it is yet unclear whether this database was directly managed or an external company was responsible for its management. Furthermore, it’s also unclear how long the sensitive information was accessible online before Fowler’s discovery or if anyone else might have accessed it.

Education Sector is Already Vulnerable

As noted in Check Point’s April 2025 malware report, cyber attacks on the education sector continue to rise. Just last week, edtech giant PowerSchool confirmed it paid ransom after a December 2024 ransomware attack that exposed the personal information of students and teachers.

Meanwhile, recent reports reveal that the official website of iClicker, a widely used student engagement platform, was hacked in a ClickFix attack. Having a database exposed to cyber criminals is worse than leaving your front door wide open; it’s an open invitation with far more at stake.

Fowler highlighted the privacy risks associated with exposing student athletes’ personal information, as they are often young and lack credit histories, making them vulnerable to identity theft. Criminals could use this information to open fraudulent accounts without immediate detection. Students, parents, and coaches’ contact information could be exploited for targeted phishing attacks and scams, with coaches also at risk of spear-phishing attempts.

Considering these repercussions, individuals associated with PrepHero or EXACT Sports must remain cautious about phishing/social engineering attempts, use secure content management systems with access controls, use multi-factor authentication for all accounts and encrypt sensitive documents to minimize the impact of potential data breaches.

“Sending emails with unique web links to surveys or open webpages that contain PII should be restricted and only accessible with login credentials to prevent unauthorized or accidental access,” Fowler advised.
