Around 120,000 records from universities around the world including Penn were released on the internet Monday.
Full names, PennCard numbers, phone numbers and email addresses of students, administrators and alumni were posted online. A total of 1,764 entries from Penn were released.
Information from five database tables called “aod_user,” “coursereview_tblusers,” “lgbtc_users,” “nec_wp_users” and “OHE_FS_student” have been released. They were all part of a larger database entitled “vpul.”
According to the leak, 322 database tables from Penn have been compromised, of which only these five have been released. This information was published on three different sites and has since been taken down from two of them.
The database tables listed seem to correspond with programs under the Office of the Vice Provost for University Life.
Vice President for University Communications Stephen MacCarthy confirmed the University became aware of the issue on Tuesday. Information Systems and Computing staff have taken the system that was hacked offline and are working to fix the issue.
The information was released by an anonymous group of hackers calling themselves Team GhostShell. They hacked university servers and pasted the data onto Pastebin.com — a website that anonymously stores text.
Pastebin.com is designed for programmers to store “pieces of sources code or configuration information,” according to its website.
Team GhostShell posted on Oct. 1, “Our targets for this release have been the top 100 universities around the world. After carefully filtering the ones that we’ve already leaked before and the ones where Anonymous has in major operations [sic], we have eventually got together a new fresh list.”
Someone who identified themselves as a member of Team GhostShell emailed The Daily Pennsylvanian in response to a tweet @TeamGhostShell and declined a phone interview.
The Pastebin.com post provides links to hacked information from universities such as Harvard, Cambridge, Stanford and Johns Hopkins. In total, 100 universities were targeted. For some schools, multiple servers were hacked. According to the post, only one Penn server has been compromised.
“We tried to keep the leaked information to a minimum, so just around 120,000 accounts and records are here, leaving in their servers hundreds of thousands more,” the post read.
According to IdentifyFinder — a company that helps consumers prevent identify theft and data leakage — the information appears to be authentic enough to solicit attention and investigation by universities affected.
In its analysis of all data leaked, it found 36,623 unique email addresses, one bank account number, thousands of usernames and hashed and plain-text passwords and employee payroll information, among other findings.
College and Wharton junior Matt Parmett stumbled upon the information on Pastebin.com late Tuesday afternoon. Within half an hour, he created a site that lets users input first and last names to see if their information has been publicized and includes a link to the leak itself. He immediately notified ISC staff, and as of press time has not received a response.
Parmett added that students should not rely solely on his website as some of the names in the released file are misspelled.
In August, Team GhostShell leaked around 1 million accounts from over 100 companies, including real estate agencies, weapons dealers and police departments. They called the initiative Project HellFire.
In their new Project WestWind, the hackers are looking to expose the hacks and vulnerabilities in higher education and generate conversation about “today’s education.”
“We have set out to raise awareness towards the changes made in today’s education, how new laws imposed by politicians affect us, our economy and overall, our way of life,” the group wrote in the post.
“How far we have ventured from learning valuable skills that would normally help us be prepared in life, to just, simply memorizing large chunks of text in exchange for good grades,” the post continued. “How our very own traditions are heard less and less, losing touch with who we truly are. Slowly casting the identities, that our ancestors fought to protect, into exile.”
Editor’s Note: The Daily Pennsylvanian will not be publishing a link to the leaked data, or any sites that link to the data, to avoid further propagation of the sensitive information.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.