Trell, Quiz Revolution and others fall victim to data leaks.
28 November 2021
BREACHAWARE HQ
A total of 27 breach events were found and analysed, resulting in 5,004,040 exposed accounts containing a total of 14 different types of personal data. The breaches found publicly and freely available included Trell, Quiz Revolution, Fantamatic Online, FeisWorx and Do Sport Easy (URL Redirected). Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Communications Data, Socio-Demographic Data, Contact Data, Social Relationships Data, Technical Data, Usage Data, Locational Data, Financial Data.
Data Breach Analysis
These breaches are not household names, but they play significant roles in the lives of their users, particularly within student populations, amateur athletes, hobbyists, and educators, which makes their exposure an important issue within the broader digital risk landscape.
Where the Breaches Occurred: A Cross-Section of Modern Online Life
Each affected service represents a unique digital function:
- Trell is a lifestyle content platform, popular particularly in South Asia, where users share short videos, tutorials, and reviews. Its user base includes influencers, micro-businesses, and lifestyle enthusiasts.
- Quiz Revolution is a tool for creating and sharing online quizzes, used frequently in both educational and entertainment contexts. This makes it a natural choice for students, tutors, marketers, and casual web users.
- Fantamatic Online is tied to the fantasy sports space, an increasingly data-driven ecosystem where users input predictions and interact with competitive game mechanics.
- FeisWorx supports Irish dancing competitions, providing administrative and registration tools for dancers, schools, and event organisers.
- Do Sport Easy is an administrative platform for clubs and teams, facilitating communication and registration for sporting organisations, mostly within European contexts.
Together, these platforms illustrate how digitised niche communities and logistical services, from quiz creation to event scheduling, now form the backbone of daily activity for many users. Breaches in such systems don’t just expose data; they interrupt trust in digital infrastructure that people depend on to learn, compete, connect, and create.
Who Was Impacted: A Closer Look at Likely User Groups
While these are not mainstream social networks, their audiences are far from obscure. The individuals impacted fall into distinct categories, including:
- Content creators and small-scale influencers on platforms like Trell, who often link accounts across multiple social ecosystems and monetise digital identities.
- Educators, students, and hobbyist learners, especially younger users and schools, using Quiz Revolution for interactive teaching or engagement purposes.
- Amateur and youth athletes, particularly those involved in community sports or artistic disciplines like dance, where platforms such as FeisWorx handle sensitive age and health-related data as part of event registration.
- Fantasy sports participants, whose user behaviour often includes predictive analytics, betting integrations, and integration with social or financial platforms.
- Club organisers and administrators, who rely on tools like Do Sport Easy for secure scheduling, member communication, and fee tracking.
These individuals are often deeply embedded in vertical digital ecosystems, where breach fallout may spread far beyond a single platform, via reused passwords, phishing attempts, or identity profiling.
Small Platforms, Big Responsibilities
What these breaches demonstrate once again is that data volume alone does not determine breach impact. Smaller platforms may not command the attention of national press, but they can still expose sensitive data, including:
- Account credentials reused across services,
- Email addresses tied to specific community identities (e.g., a dance school, fantasy league, or quiz portal),
- Behavioural insights from content consumption or quiz responses,
- Time-specific registrations that can be used to construct activity timelines.
More importantly, breaches in these spaces often affect individuals not typically well-represented in data protection narratives, such as minors participating in competitions, part-time instructors, or hobbyists. These users may not fully understand the data risks or security shortcomings of the platforms they engage with, and few of the breached platforms have the support frameworks in place to notify or support affected individuals.
Infrastructure and Oversight Challenges
Many of the affected services operate with limited budgets, rely on open-source components, or are maintained by small developer teams. In some cases, their data protection practices may be outdated or incomplete. Specific challenges include:
- Lack of formal encryption of user data at rest,
- Minimal investment in authentication protocols, such as multi-factor login,
- Unmonitored data sharing with third-party analytics, advertising, or hosting providers,
- Nonexistent breach disclosure policies, especially for platforms not covered by GDPR or similar frameworks.
Several of the breaches stem from data dumps or misconfigured cloud storage being discovered and indexed by search engines or scraping tools. This suggests that, despite the privacy concerns raised globally, basic cloud security hygiene is still lacking, even among platforms entrusted with real identities and financial transactions.
The Ecosystem Effect
While each of these 27 breaches may appear isolated, collectively they reveal systemic weaknesses in the digital supply chain of everyday life. For example:
- A user registered on Trell for content browsing may use the same email and password combination for their fitness club on Do Sport Easy.
- A quiz participant using Quiz Revolution might input identifiers such as name, age, or school, which are then recycled in registrations via FeisWorx.
- Cross-referenced usernames can be used in targeted phishing or social engineering campaigns, especially when platforms use email-based login without additional verification.
The cumulative effect is a risk surface far wider than the number of breached accounts would suggest. It exposes not just data, but trust, the trust users place in digital tools to enable learning, creativity, or healthy recreation without compromising their privacy.
Looking Ahead: Elevating Security Expectations
The key takeaway from this set of breach events is not the scale, but the diversity and depth of user engagement in the affected platforms. These aren’t passive apps or content aggregators; they are tools of participation, often involving the input of creative, health, academic, or financial data. As such, they merit greater scrutiny and stronger security mandates.
For users, the imperative remains:
- Practice account separation across different services,
- Use password managers and unique credentials per platform,
- Be aware of how much identifying information is submitted, even on “non-serious” or one-time-use platforms.
For platform operators, especially those serving specific communities or youth, there is a pressing need to raise the bar on cybersecurity, even without enterprise budgets. That may mean open-source partnerships, grant funding for security audits, or simply adopting better encryption and access management practices.