Hackers from Team Dig7tal gained unauthorized access to the systems of University of New Brunswick by leveraging an SQL Injection vulnerability. After they leaked some data, they’ve sent emails to the institution’s staff to notify them of the breach.
“I did not take nor did I leak any of the student’s sensitive information. However, your site is terribly vulnerabile and I suggest you patch it ADMIN. It’s your damn job! Information leaked is only to demonstrate how pathetic your security is,” Th1nkT0k3n
said in the email he sent to the university.
“Also, I hope you have a great Monday Admin! Students and their parents give their hard earned money to this University and they should not have to worry about their sensitive information being leaked! Person in charge of your IT should be let go,” he added.
The leaked information the hacker is referring to consists of 234 database names, 68 table names from the budget_management
database, and 96 records from the employers table. From the user table, the hacker leaked 159 password hashes and usernames.
The dump also contains some sensitive information, including the administrator’s username and password (in clear text), and 202 employer entries comprising email addresses, IDs, names, passwords and websites. Th1nkT0k3n
also published the exact location of the security hole he used to gain access to the systems of University of New Brunswick.
Because the leak contains clear text passwords, we will not be providing a link.
Other sites hacked by the Team Dig7tal collective include the ones of the National Film Board of Canada
, University of Palermo
, University of Massachusetts
, the Los Alamos National Laboratory.
The hackers usually try to raise awareness on the existence of vulnerabilities, but occasionally they leak some sensitive information to make their point.