University representatives claim they're working to resolve the issues

Nov 21, 2011 09:00 GMT  ·  By

After a hacker called St0rm managed to break into five of the internet domains owed by the University of Melbourne, exposing more than 1000 sets of credentials and other information, the institution's representatives came forward giving explanations on their side of the story.

As a reply to my inquiry on the incident, University of Melbourne representatives claim they are well aware of the hacking, but they state that there's no evidence to point that any sensitive information was exposed.

“Last week a hacker gained access to a University web server and obtained several old and out of date user IDs and passwords,” said John DuBois, director of Corporate Affairs at University of Melbourne. “On all evidence to hand, no sensitive information was exposed.”

Furthermore, he states that the University is handling the situation as we speak, focusing on fixing the vulnerabilities that allowed St0rm to access their systems in the first place.

“The hacker has continued to probe our IT systems, but we are unaware of any further information being compromised. The University is managing the incident and is fixing the vulnerabilities that have been exploited,” he added.

All this comes after the gray hat claimed he tried to contact the institution numerous times to precisely pinpoint the flaws that affected their systems.

As I'm sure, St0rm will try to access their systems once again to see if the weaknesses have been indeed fixed, especially since he claims that he will keep hacking them until the whole issue is resolved.

Even if the University's representatives are right and the IDs and usernames are outdated, the vulnerabilities still exist and it's clear they need to be patched up before someone with not so good intentions makes a move.

A few issues remain unanswered, so stay tuned to learn more from the hacker and to see what the institution has to say about the government email addresses that St0rm found.