In May we reported that Team Digi7al leaked login credentials from the databases of University of New Brunswick (unb.ca). Since the site’s administrators failed to properly patch the vulnerabilities, the hackers gained access once again.
“Sorry Admin! No URL for you this time! I'm not making your lazy job any easier. How did you miss this vuln when you patched this [old vulnerability],” Th1nkT0k3n wrote.
On this occasion, the hackers leaked usernames and passwords from a number of tables. While some of them are hashed, the data dump also contains around a dozen passwords in clear text.
On one hand, it’s good to know that University of New Brunswick has at least attempted to secure the website. Hopefully, this second time they will manage to properly resolve all the issues that expose all those users.