Boston U. allegedly hacked and non-sensitive data dumped (Update1)
UPDATE April 11: I have received no further information from Boston U., or any response from the individual who had claimed to have hacked them, but I noticed that the paste was deleted from siph0n.in where I had seen it – and on the same day that I reported it here. A cached copy was still available as of this morning. So I’m not sure whether this was a false claim or something else is going on.
An individual using the Twitter handle @pyopzidsadas has a message for Boston University:
I warned bu.edu, a million times about their fucking vulnerabilities, next time, then fix your fucking shit, idiots.
So enjoy! ;))
What follows is a paste with non-sensitive information including 148 individuals’ email addresses, first and last names, and aliases (usernames)
Data in a second table included 67 Employers’ email addresses, Employers’ Phone Numbers, and Employers’ names.
DataBreaches.net sent a courtesy notification to Boston U. through their web site. An automated receipt was received, optimistically marking the ticket “resolved:”
Thank you for the report. The information is being reviewed by the Information Security Incident Response Team here at Boston University. We will investigate the incident and will correct the situation.
I would think a ticket would be marked “resolved” only after it was adddressed, but hey, it’s been a long time since I attended Boston U.
Email inquiries sent to four randomly selected email addresses from the data dump produced no responses, but by the same token, none of the four emails bounced back, so the email adddresses may, indeed, be current and accurate.
This post will be updated as more information becomes available. DataBreaches.net reached out to the hacker via Twitter and email seeking more information about the incident and allegations that BU had been warned many times in the past, but has received no response as yet.