DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hacker may have sold access to Marshall U. website

Posted on January 26, 2011 by Dissent

Yesterday, I noted that I had contacted Marshall University about a hacker offering “Full SiteAdmin Control” to their server for $99.00.

My purpose in contacting them was two-fold: to alert them to a possible breach that they needed to look into and to ask for a comment or response. I never got to the second purpose, as a Marshall employee told me that they had dealt with the problem “yesterday,” that there was no breach, and that I shouldn’t be reporting anything alleging that they had been breached. She took my phone number and email address and promised to have someone get in touch with me with a fuller response. No one called. No one emailed.

Today, Zack Harold reports:

An underground hacker website recently offered visitors high-level access to Marshall University’s website for just $99.

Officials at Marshall said the cyber criminal might not have infiltrated their systems, however.

The hacker, identified only as “Srblche,” was selling administrative access to the university’s website for $99 on Monday. The site was no longer active Wednesday.

Matt Turner, Marshall’s chief of staff, said the university became aware of the alleged security breach Monday and immediately began checking its systems to determine if a breach occurred.

The school’s technology team didn’t find any evidence of an attack.

“As far as we know, our security has not been compromised as suggested, but with Web servers, there is always an inherent risk of hackers,” Turner said. “Any time you have a server that exists, it’s always susceptible to someone trying to hack into it.”

“We think it’s someone phishing, trying to make some money,” he said.

Bill Gardner, IT manager for Charleston’s Flaherty, Sensabuagh, Bonnasso Law Firm, said that scenario is “possible, but it’s probably not probable.”

“There’s honor among thieves,” he said

Read more on Charleston Daily Mail.

None of the universities named on the “for sale” list have posted any notices on their sites about the situation.  In the interim, the web site has been suspended.  A whois lookup indicates that srblche.com is registered to:

Mohammad Srblche        ([email protected])
Kuwait
Salwa
Salwa
KW,00865
KW
Tel. +965.567636494
Creation Date: 21-Apr-2010
Expiration Date: 21-Apr-2011
Domain servers in listed order:
ns1.suspended-domain.com
ns2.suspended-domain.com
Of course, that information is not necessarily accurate.

No related posts.

Category: Breach IncidentsEducation SectorHackU.S.

Post navigation

← Ca: Three stolen laptops with patient info recovered
NZ: City doctor who breached confidentiality cleared of privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.