Another hack by #AntiSec, this time the New Jersey-based Stevens Institute of Technology.
31 first and last names, usernames, passwords (plaintext!) and email addresses exposed on Pastebinon July 7. And in many cases, the passwords are identical to the simple usernames. Not good.
I emailed Stevens over the weekend to ask them about the breach but they have not responded by the time of this posting. Nor do I see anything on their web site. If these data are from their database, as they appear to be, I hope they have notified students and staff to change their passwords and to take other steps to protect themselves. [Update: see comment by former student in the Comments section as to what he was told about the breach.]
h/t, The Hacker News.
I am a former student of the university. When i reached out for a response this is what i got.
I am the Chief Information Officer at Stevens. Stevens did experience a minor data
breach in a data base on a web server with public information. The
compromised data was reported as a password file but contained no actual
passwords that could be used for authentication on any system or application
at Stevens. Personal information was not accessed nor was any personal
information capable of being accessed using any of the information that was
obtained.
Thanks for providing that info!