Hackers post data from dozens of breached college servers

Group calling itself GhostShell says it posted thousands of usernames, passwords, and phone numbers of students and faculty to call attention to the state of education.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Oct. 3, 2012 7:55 p.m. PT

2 min read

A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton.

A group calling itself GhostShell posted to text-sharing site Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education:

We wanted to bring to your attention different examples from Europe, how the laws change so often that even the teachers have a hard time adjusting to them, let alone, the students, to the US, where tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age.

Some of the data appears to have been already publicly available, but some records included sensitive information such as birth dates and employee payroll information. However, GhostShell said in its statement that it sought to limit the amount of information it released.

"We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more," the message said, adding a warning to school regarding the security of their networks. "When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored."

In analyzing the SQL injection attack, security and privacy software maker Identity Finder said the records posted to Pastebin appeared to be "authentic enough" to warrant further university investigation.

"Based upon a casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to release," Aaron Titus, chief privacy officer for Identity Finder, said in a statement. "Although the hackers claim to have posted 120,000 accounts, Identity Finder could only confirm around 40,000 accounts exposed. 40,000 accounts is still a large number, and it is possible that the hackers had access to far more."

GhostShell attracted media attention in August when it released a vast quantity of data from banks, government agencies, consulting firms, and many others.

It also promises more data leaks in the future, specifically "two more projects are still scheduled for this fall and winter. It's only the beginning."