The newly founded hacker collective NullCrew has been very busy in the past few days. After they hacked the systems of ASUS and the ones of a South African ISP directory, they turned their attention to Yale University.
From the databases of the educational institution, the hackers obtained the details of around 1,200 students and members of the staff.
“This release merely had a reason other than to prove that nothing is secure. In fact, the governmental and educational sites are the least secure in the experience we've had with .edu and .gov websites,” the hackers wrote next to the data dump.
NullCrew claims that the database they’ve gained access to contains even more sensitive information such as social security numbers, names, addresses and phone numbers, but because their purpose is merely to show that nothing is secure, they’ve only published usernames, passwords and email addresses.
We have contacted both Yale’s webmaster and the university’s security department for clarifications regarding the breach. There hasn’t been any response until press time, but we’ll update this article as soon as new details become available.
Unlike other university website – which keep getting breached – Yale hasn’t been targeted very often by hackers (at least not that we know of).
However, back in February we reported
that TeamHav0k identified a cross-site scripting vulnerability on one of the university’s domains. We’ve tested that particular security hole and it appears to be addressed, but as it turns out, there are still some issues that expose Yale’s systems.
Note. Since all the passwords are in clear text and the chances for misuse are fairly high, we will not be providing a link to the PasteBay paste made by the hackers.