KU suffers ‘data breach’, details of 1 mn students up for sale

In-depth analysis on

Irfan Tramboo
SRINAGAR, Aug 10: The University of Kashmir has allegedly suffered a massive “data breach” of over a million students as well as employees whose details are now up for sale, putting the Varsity authorities in a tight spot.
The hacked database of the Varsity has been spotted on the dark web and as per details, the post informed about the selling of the database on a hacking forum namely, ‘Breached Forums,’ stating that the breached database contains students’ info, registration numbers, email, password, details of employees along with several other details.
The post by a hacker, which goes by the name ‘ViktorLustig,’ informed that the database is up for sale at $250 while the ‘serious buyers’ were told to contact him via Telegram-the details of which have been provided in the post.
In the post which has been shared on the hacking forum, and now stands deleted, the threat actor shared a database index in which the hacker has shown what he possesses. The hacker shared a text file named “dbs.txt” showing an index of the same, however, as the post stands deleted, the archive file of the same is available with Excelsior.
‘Breached Forums’-a data breach discussion and leaks forum-has been in news globally where earlier, similarly, the details of the over 5 million Twitter users were also put on sale apart from being responsible for the leak of 23 TBs of data from 1 billion Chinese Citizens.
Abhishek Verma, a twitter user and a technology journalist who informed about the leak of the University of Kashmir’s database, in a tweet said that the admin of the forum, who, he said, goes by the name ‘pompompurin’ replied and confirmed to him that the alleged database was “legitimate.”
While the legitimacy of the database index, which has been posted on the forum, has not been confirmed, the forum is, on the other hand, known for uploading and selling legitimate databases only which has been proven by similar posts that were seen on the hackers’ forum earlier.
On the other hand, while it took some time for the KU to understand what had happened, the varsity authorities later said that they are analyzing their database and that after the initial analysis, the dataset has been found “unmodified”.
The Varsity PRO said that the alleged breach is being “analysed” and as per the preliminary analysis it has been found that the data is unmodified.
“Any breach on data read (which is already accessible in public domain) is being analyzed in-depth and depending upon the analysis, University will take further course of action and take an appropriate legal recourse accordingly,” the PRO said.