PrepHero, a platform designed to help high school athletes secure college sports scholarships, was allegedly linked to a publicly exposed database containing over 3.1 million records, cybersecurity researcher Jeremiah Fowler informed vpnMentor.
The database, which was unencrypted and lacked password protection, contained sensitive information, including names, phone numbers, emails, physical addresses, and passport data of student athletes, as well as contact information for parents and college coaches.
Additionally, unprotected CSV files included links to passport images of the athletes. The database also featured a 10 GB “mail cache” folder with email communications from 2017 to 2025, some of which contained temporary login credentials, personalized links to public pages with sensitive information, and audio files of coaches discussing athletes’ strengths and weaknesses.
Jeremiah Fowler notified PrepHero of the exposure, leading to the database being secured the same day. However, it remains unclear how long the data was publicly accessible, whether PrepHero or a third-party contractor owned the database, or if any unauthorized parties accessed the information.
PrepHero offers recruiting assistance, mental training resources, and evaluations aimed at enhancing student athletes’ visibility to college sports programs.
