14 DAY TRIAL // The members of the Team Digi7al have been very busy in the past few days and much of their attention seems to be focused on the websites of major universities and government organizations from the United States.
One of the victims is the Associated Students website of San Jose State University. To prove that the domain is highly vulnerable, the hackers leaked 4 gigabytes’ worth of information.
They claim that webmasters have addressed one of the security holes that exposed the site, but there still are a number of pages that contain dangerous SQL Injections.
Team Digi7al also revisited the website of University of Nebraksa – Lincoln.
“Hello, Ichi here. Looks like the University of Nebraksa - Lincoln got hacked again. They failed to fix the SQL I vulnerability the first time, so it's a little worse this time. I'm hoping they'll take the time to fix it after this one. Probably not though,” one of the hackers said.
The statement accompanies a data leak comprising database names, email addresses and their associated password hashes.
The official site of Stanford University has apparently become a favorite target for hackers, as this is the third time this year when it is breached.
The data dump published by Sp3ct of Team Digi7al contains information from tables such as “forum”, “users” and “tomprofmsg.”
Sp3ct has also discovered a number of cross-site scripting (XSS) vulnerabilities in the websites of EUMETSAT, the organization that monitors weather and climate from space, and the National Oceanic and Atmospheric Administration’s (NOAA) Educational Resources.
NOAA’s Aviation Weather Center has also been identified as containing XSS flaws.
“REASON: Challenge, & to rudely awaken the government and show them that they are lacking in their jobs and should stop living in their fantasy world that everything is ‘secure’,” the hacker explained.
Update. Identity Finder has analyzed the San Jose State University and found that around 10,000 valid social security numbers are contained in the leak.
Update2. An investigation of the breach performed by Identity Finder and school representatives revealed that the social securty numbers may actually be student IDs. The rest of the leaked data isn't sensitive information, according to the university's representatives.
While identity theft is unlikely to occur in this case, the affected individuals need to keep an eye out for phishing scams.