Company Overview

  • Targeted Entity: Multiple universities across India
  • Affected System: University management system used across various institutions
  • Date of Breach: May 4, 2024
  • Threat Actor: User "USDoD" on an underground forum

Breach Details

  • Breach Description: A forum post by a user named "USDoD" revealed unauthorized access to a university management system in India, affecting a significant number of institutions.
  • Data Compromised:
    • Two separate databases were leaked:
      • First Database: Contains over 300,000 entries with fields including Application Number (APP_NO), Application Record Number (APPL_NO), Login ID, Email, Mobile Number, Name, Community, Gender, Phone Number, and Password.
      • Second Database: Contains over 50,000 entries with additional fields beyond those in the first.
  • Method of Distribution: The data was shared publicly on an underground forum, with download links provided for the leaked databases.

Threat Actor Profile

  • Alias: USDoD
  • Forum Activity:
    • Member of "Equation Corp." on the forum with 113 posts and 33 threads.
    • Joined the forum in July 2023.
    • Reputation score of 881.
  • Status: The forum account has been permanently banned following this leak.

Impact Analysis

  • Scope of Impact:
    • The breach potentially affects hundreds of thousands of students and university staff members across India.
    • Personal information such as names, contact details, and passwords are at risk, which could lead to further exploitation, including identity theft, phishing attacks, and unauthorized access to other systems.
  • Institutional Damage:
    • Universities may face legal and reputational consequences, with a loss of trust from students and stakeholders.
    • Financial costs associated with breach management, including notifications, legal actions, and potential fines, could be substantial.

Share this article
The link has been copied!