A newly formed hacker collective called Virtually Technical (VTec) claims to have penetrated the systems of multiple universities from the United States. The list of victims includes New York University, University of North Carolina, University of Wisconsin and Brown University.“We are a small, tight group of hackers who thoroughly enjoy the act of breaking into stuff we aren't supposed to be in, and making off with the data. To be honest, I don't give a [expletive] what you think of us, neither does the rest of our team,” the hackers introduced themselves.
Apparently, they leveraged a number of cross-site scripting vulnerabilities in order to gain access to the information stored in the databases of the targeted educational institutions.
From the databases of University of North Carolina, they have leaked student names, usernames, password hashes, secret questions and associated answers, email addresses, and phone numbers. They have also published the records of faculty members, including usernames, email addresses, fax numbers, mobile phone numbers and voice mail numbers.
The usernames, names, addresses and contact information taken from the emergency contacts table have also been made available on localleaks.me.
Finally, some usernames and passwords – some of which in clear text – belonging to forum administrators have been published.
Names, usernames, passwords, and contact information have also been stolen from the servers of University of Wisconsin.
From Brown University, they have only leaked some less important information such as database names, table names and other server information.
According to the hackers, the main domain of New York University – which they claim to have breached – contains “very interesting details,” including “encrypted names, frequency, and transponders used by satellites to provide access to their TV networks.”
“There is also a small database layout to the Princeton Theology Seminary, however it is suspected that this is a honeypot server, because while injecting I had messed up my syntax, only to discover that when trying to pull table names, suddenly no tables existed,” An4rchy, one of the members of the group, told Softpedia.
Note. Because the data dump contains some sensitive information, including vulnerability details, we will not be providing a link to it.