Israeli researchers discovered that the database of the University of Liverpool had been hacked and the contact details of everyone working and teaching there was posted on a dark web forum. The information posted on the dark net domain is being promoted to launch targeted phishing attacks.
According to security firm Cyberint, the name, address and work email addresses of the workers and teachers were posted on the dark web forum by a Portuguese-speaking hacker or group known as [email protected] in early February. The data remained publicly available on the website.
The attacked institute was informed of the hack some weeks ago by Cyberint and after that, the university contacted Merseyside Police about the case. The university released a statement, clearing the fact that although the contact details were taken from a database, the case that it is considered a public domain meant that this was not equivalent to a data breach. The official statement goes by:
“We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publicly available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”
Tech website, Computerworld UK made this statement in their article about the case:
”Contact databases are no longer the innocent data sources they would have been in the recent past. Protecting or securing them would be prudent. The fact hackers see value in an entire contact database is also an important reminder of the extent to which UK universities are now being targeted by people with destructive motives.”
According to Cyberint, the group or person responsible for this posting appears to specialized in attacking academic websites, having previously targeted institutions, such as the University of Ottawa, as well as releasing contact information of 150 members of the United Nations staff.
“The data is structured in the format of a database and the threat actor has quite an impressive background in offensive activities that include bypassing/taking down DNS servers and a set of tools/expertise in SQLi and DB exploits,” Elad Ben-Meir, Cyberint vice president of marketing, commented.
According to Ben-Meir, every University of Liverpool staff member or academic should be aware that they are now at increased risk of being targeted by cybercriminals using fraudulent emails in the coming months:
“Universities are particularly hot targets for cyber criminals as they are repositories for all kinds of valuable technological research. The kind of cyber breach that has occurred at Liverpool University could be the first step towards a more serious series of breaches suffered by the university in the near future.”