Reports and users of social media platforms claimed, a ‘threat actor’ by the name of “VictorLustig” uploaded the database of a million Kashmir University students and teachers up for sale on a hacking forum for only $250.
An outcry has been sparked due to the reports of the alleged ‘leak’ of the database of approximately ‘one million’ Kashmir University students and teachers that hackers allegedly compromised. The database included registration, phone, email, and password. This has prompted the university to begin investigating the ‘data breach.’
After the topic gathered attention on social media, the hacker in charge finally removed the thread from the hacking forum. It is not yet known for certain why it was removed; it may have been because he found a buyer, or it could have been because of some other reason.
An archived version of the thread revealed that the threat actor had distributed sample data with index entries such as ‘UGFormMaster2ndSemBatch2020Brchin2021’ with 61,175 entries, ‘AdmitCardsDownloaded’ with 26,521 entries, ‘AcademicDetails’ with 1,180 entries, ‘PaymentApplicationsnew’ with 654 entries, and so forth.
The problem has caused frustration among the university staff and students, who believe that the administration has not taken adequate measures to protect their right to personal privacy.
“Nobody seemed concerned about the matter, even though it has been five days since it was brought up on the hacking forum. The institution has to recognize that digital theft is a serious problem, and they need to step up to the challenge to prevent our personal information from falling into the hands of cybercriminals,” said a student who requested that their name not be used.
“Our personal info is on sale. “Not only does it invade our privacy, but it also invades the privacy of our families,” one of the female students at the varsity stated.
According to sources within the university, the problem of flaws in the security of students’ personal information has been brought to the administration’s attention on many occasions in the past.
The problem was ignored since it was deemed unimportant. According to a person familiar with the situation, those whose concerns were raised about the possibility of data theft have now been realized. The insider continued by saying, “The breach is real.”
On the other hand, the university stated that their preliminary research showed that the data had not been altered in any way.
According to the first findings of the investigation into the suspected data breach, it has been discovered that the data has not been altered in any way, according to the spokeswoman.
“Any breach on data (which is already accessible in public domain) is being analyzed in depth, and based upon the analysis, the institution will take additional action and a suitable legal consequence appropriately,” claims the spokeswoman.
Meanwhile, cyber law enforcement authorities are keeping an eye on the development. According to the officials, it is too early to judge whether any genuine harm was caused to the database or whether a hacker just gained access to the database, grabbed everything he could, and then made the claim on the forum that is located on the dark web.