Well, they can’t say they weren’t warned. The hacker who uses the nick “JM511” has been busy hacking more universities and has dumped some data from the University of California at Los Angeles. In a tweet last night, @JM511 noted that they had been warned twice:
You’ve bEEn #warned #2times @UCLA
— JM511 Hacker☠ (@JM511) August 23, 2015
According to JM511, he warned them via email more than one week before the attack. Minutes ago, he tweeted a link to the data dump.
In the paste, JM511 included sample data from UCLA tables that include userids, usernames, and passwords. Other tables include university email addresses, first and last names, usernames, and passwords. Most of the passwords dumped were not plain-text, although one table does appear to have plain-text passwords.
As he has done in other cases, JM511 posted information about the system:
web application technology: Apache 2.2.2, PHP 5.2.5
back-end DBMS: MySQL 5.0.12
banner: ‘5.0.22-log’
[04:42:18] [INFO] fetching current user
current user: ‘celf@localhost’
[04:42:18] [INFO] fetching current database
current database: ‘celf’
UCLA is not the only university JM511 reports attacking via SQLinjection and XSS, however. In other tweets overnight, he also notified Western Governor’s University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University that he had hacked them. His tweets provide links showing the vulnerable urls that he used.
JM511 does not appear to have dumped any personal data from those additional universities, but of concern, in another tweet, he suggests that he may soon be dumping data from Southern Illinois University, a university whose infosecurity was found concerning in a 2014 audit.
Whether the universities’ social media teams will understand his tweets to them and contact their university’s IT security immediately remains to be seen.