Australian Information Security Incident Reported: September 10 2019

Data breach may affect 50,000 Australian university students using ‘Get’ app

Students using events app Get, previously known as Qnect, may have had their personal data exposed online.

Source: Data breach may affect 50,000 Australian university students using ‘Get’ app
More reports from: The Guardian.

The personal details of an estimated 50,000 students involved in university clubs and societies around Australia may have been exposed online, in the second breach of its kind for the company holding the data.

Get, previously known as Qnect, is an app built for university societies and clubs to facilitate payments for events and merchandise. The app operates in four countries with 159,000 active student users, and 453 clubs using it.

A user on Reddit reported over the weekend that after looking up their own club they were able to get access to other users’ data, including name, email, date of birth, Facebook ID and phone numbers, through the company’s search function, API.

Get rebranded last year following a data breach that resulted in members of societies and clubs using the platform being threatened with having their data released by a hacking group, unless then-Qnect paid the hackers in bitcoin.

More coverage:

Tech start-up investigating ‘potential data leak’ on online ticketing platform | ABC News (Australia)