DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hacker may have sold access to Marshall U. website

Posted on January 26, 2011 by Dissent

Yesterday, I noted that I had contacted Marshall University about a hacker offering “Full SiteAdmin Control” to their server for $99.00.

My purpose in contacting them was two-fold: to alert them to a possible breach that they needed to look into and to ask for a comment or response. I never got to the second purpose, as a Marshall employee told me that they had dealt with the problem “yesterday,” that there was no breach, and that I shouldn’t be reporting anything alleging that they had been breached. She took my phone number and email address and promised to have someone get in touch with me with a fuller response. No one called. No one emailed.

Today, Zack Harold reports:

An underground hacker website recently offered visitors high-level access to Marshall University’s website for just $99.

Officials at Marshall said the cyber criminal might not have infiltrated their systems, however.

The hacker, identified only as “Srblche,” was selling administrative access to the university’s website for $99 on Monday. The site was no longer active Wednesday.

Matt Turner, Marshall’s chief of staff, said the university became aware of the alleged security breach Monday and immediately began checking its systems to determine if a breach occurred.

The school’s technology team didn’t find any evidence of an attack.

“As far as we know, our security has not been compromised as suggested, but with Web servers, there is always an inherent risk of hackers,” Turner said. “Any time you have a server that exists, it’s always susceptible to someone trying to hack into it.”

“We think it’s someone phishing, trying to make some money,” he said.

Bill Gardner, IT manager for Charleston’s Flaherty, Sensabuagh, Bonnasso Law Firm, said that scenario is “possible, but it’s probably not probable.”

“There’s honor among thieves,” he said

Read more on Charleston Daily Mail.

None of the universities named on the “for sale” list have posted any notices on their sites about the situation.  In the interim, the web site has been suspended.  A whois lookup indicates that srblche.com is registered to:

Mohammad Srblche        ([email protected])
Kuwait
Salwa
Salwa
KW,00865
KW
Tel. +965.567636494
Creation Date: 21-Apr-2010
Expiration Date: 21-Apr-2011
Domain servers in listed order:
ns1.suspended-domain.com
ns2.suspended-domain.com
Of course, that information is not necessarily accurate.
Category: Breach IncidentsEducation SectorHackU.S.

Post navigation

← Ca: Three stolen laptops with patient info recovered
NZ: City doctor who breached confidentiality cleared of privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Washington Post investigating cyberattack on journalists, WSJ reports
  • Resource: State Data Breach Notification Laws – June 2025
  • WestJet investigates cyberattack disrupting internal systems
  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.