Get is currently embroiled in a potential data breach which affects around 50,000 students in the whole of Australia. The platform experienced a vulnerability which exposed thousands of student identities on the Internet.
Get is an application which provides user access to online ticketing and merchandising facilities. Moreover, Get allows user payments to be made via its platform. It is currently servicing numerous Australian universities, particularly student clubs and societies.
Apart from operating in Australia, The Guardian reveals the application also provides services to three other countries. Today, around 159,000 students are using the app. Meanwhile, 453 clubs are using Get.
An Australian student clubs implicated in the breach includes the Griffith Business Students Association. The Sydney University Cricket Club and the UNSW Engineering Society also used the online platform, states AFR.
Prior to being named ‘Get,’ the company was formerly known as Qnect. The firm rebranded after experiencing a similar data breach in 2018. The Australian Financial Review shared a hacking group threatened to expose user information unless the company paid hackers in bitcoin.
A Reddit user who goes by the username babysharkvic_au brought public attention to the incident. The user reportedly gained access to user information from other individuals who used the app. Some of the data compromised include names, email address, dates of birth, Facebook ID, and contact numbers report The Guardian.
No financial information or payment details have been compromised.
The Australian Financial Review approached Get for further comment on the incident. Despite failing to respond, the company issued a statement on its website. It says that it is “continuing its thorough investigations into the alleged data breach.”
The Reddit user babysharkvic_au and The Guardian also reached out to the online platform. However, the move proved to be futile.
Following this, the company immediately addressed the vulnerability on its platform. The firm’s team of engineers also addressed the potential vulnerability and alerted organizations. In addition, the business also conducted an in-depth review of the matter, specifically those that concerned the site’s API.
Should the company become aware of more information, it plans to disclose the findings to the public. According to its statement, only then will the company report a breach.
The incident compels Get to disclose the incident to the Office of the Australian Information Commissioner (OAIC). A spokesman for OAIC urged customers to change their passwords, monitor their accounts, and watch out for other malicious attempts.