Hackers from Team Dig7tal found an SQL Injection vulnerability in the Political Economy Research Institute site of the University of Massachusetts. To prove that it’s not something to joke about, they leaked some information from the website’s databases.
The information includes the database structure, as well as 11 credential sets with administrator email addresses, usernames and password hashes.
The worrying part is that the hashes are MD5 and can be cracked in a matter of seconds.
Hopefully, University of Massachusetts representatives have noticed the breach and acted to secure the site. Otherwise, an ill-intentioned individual (now that the passwords are out, it doesn’t even have to be a hacker) can easily gain access to the site and cause some serious damage.
Team Dig7tal has also made available the vulnerable URL that allowed them to gain access to the university’s systems.
As usual, since there's sensitive information involved, we will not provide a link to the data leak.
Update: University of Massachusetts representatives contacted us to reveal that the security hole highlighted by the hackers has been addressed.