DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Twitter yanks @LindenLeaks account, but some damage was already done

Posted on March 7, 2012 by Dissent

Russell Korando reports on a university data breach that demonstrates why universities need to nail down security and access to education records:

LindenLeaks is no longer posting information about Lindenwood University or its students on Twitter.

Sometime early Wednesday, the Twitter account stopped publishing.

Lindenwood officials, St. Charles police and the St. Charles County Cyber Crimes Unit had been investigating LindenLeaks’ publication on the Internet of 180 names of students who were suspended from the private school for the fall 2011 semester. The posted information also included students’ grades, majors, phone numbers and email addresses.

On Tuesday, Lindenwood sent those students a statement indicating the university learned Monday evening that some private information on a limited number of students had been released publicly on the social network Twitter without authorization from Lindenwood. The statement said local law enforcement was receiving Lindenwood’s full cooperation in the investigation and that no Social Security numbers were compromised.

Read more on STLtoday.com. See also College Times, CBS St. Louis, and KMOV.

The individual associated with @LindenLeaks account offered a statement on Pastebin yesterday:

My earlier leak is a mere example of the nature of the items I have access to, and a demonstration of how information freely shared clearly doesn’t upset or concern me.

Since it’s release roughly seven hours ago, the document has been downloaded almost 140 times. My intention was not to defame the students listed in the document, nor to bad mouth them in some form. However, the “casualty” of their information however sensitive in nature it is considered, I count it only as unavoidable.

My goal in this and future leaks is to gain the interest of the @LindenwoodU Twitter handle, and open dialogue with them, in addition to dialogue with Kerry Cox, (@Kerry_M_Cox) who has strangely been inactive on Twitter these last few months until I gained his attention. As a result, the student body should thank me for reintroducing one of it’s more public figures on campus to the public light.

As you can see from my twitter feed discussion with @ChelsySaysHi this afternoon, I do not hate, nor have a vendetta against Kerry, or any faculty or employee of Lindenwood University. What I do have is a desire to open dialogue between the student body and the members with which they take issue in an open format and anonymously if they so desire. I also have a desire to see information previously kept secret by the university (including various housing, business office, and customer relation issues) kept in the open.

I have been told via a series DM’s with various Twitter users that the University is “looking” for me, and that my actions are “criminal.” Neither are true. Given the method with which I have acquired the document posted today, the student body as well the as the faculty should be thanking me for showing them what meager effort it takes to acquire such information and make it public.

Finally, my efforts are open and public. Anyone can leak anything. I have publicly made both my email as well as my Twitter handle widely available and accessible. If Kerry, Terry Russell, or any other member of any department, both on the faculty or among the University employees, or even students have questions or concerns, FEEL FREE TO EMAIL THEM.

That is all.

So some of the damage is already done as 184 students’ records have been downloaded over 100 times, and probably by at least some fellow students.  And what stops any of the downloaders from re-uploading the list to a file-sharing site?  Will the list reappear on the Internet?

And will the affected students sue the university? FERPA doesn’t provide a private cause of action, so I think they’d have to find some other legal basis for any claim. Would a court consider embarrassment as harm if the students don’t seek psychological counseling over the incident?  If not, what harm or damages can they show if there are no statutory damages?

And what happens to all the tweets now that the account was unplugged? Does DataSift still get them? Does the Library of Congress? I’ve tweeted a message to Twitter’s counsel and hope he replies with an explanation.  If I get one, I’ll update this post.


Related:

  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
Category: Breach IncidentsEducation SectorOf NoteU.S.

Post navigation

← Panda Security Hacked, Defaced by #Anonymous
Ore. nurse aide posted Facebook photos of patients →

1 thought on “Twitter yanks @LindenLeaks account, but some damage was already done”

  1. Another More Ron out there says:
    March 8, 2012 at 6:40 am

    Heh, sounds like he is making his/her own rules. As if a “hacking clause” is going to save him/her. Sorry. You obtained PII and made it more readily available, personally putting people at risk. Thats simply a no-brainer (in more ways than one). Its obviously neglect, bottom line.

    Seems like this person has way too much time on thier hands. If your monitoring people’s habits, you need a life. Its no longer under the discretion whether these people file charges or not. Its an act against an EDU, and if they get federal aid I am sure they will call in the Feds, if they aren’t already carefully digging through the information already.

    Not to push anyone, but if the Feds hurry along, they may be able to size you up in your new favorite color with the others that got arrested earlier in the week. Orange.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.