DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Universities hacked, data dumped by @MarxistAttorney (Update4)

Posted on January 4, 2015 by Dissent

There’s someone else I need to follow, as he/they seems to be hacking a number of universities and colleges.

In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks, including,
California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University.

For each entity, there is a data dump for proof of claim; other data dumps are linked from his web site. DataBreaches.net is not linking to the individual data dumps, but has reached out to each of the universities mentioned above to ask them if they will confirm or deny that they have been hacked and that those are their data. The University of Kentucky has already acknowledged our inquiry and states that they are investigating the claimed hack.

This post will be updated as more information or responses become available, but in a quick attempt to verify the claims, DataBreaches.net found that one of the data dumps that had been labeled California State University had originally been posted elsewhere as a hack of the San Diego Zoo with attribution to “Paw Security(@PawSecReturns) #Op4Pawz.”

Google searches of strings in some other dumps did not locate any duplicates or previous postings.

Does “Attorney” have a gripe against U. of Maryland that contributed to it being targeted? Perhaps, as this tweet suggests:

You should’ve accepted me into your university #Carbonic http://t.co/V7Fga9bN5E@UofMaryland

— Carbonic (@teamcarbonic) December 10, 2014

Attorney has not yet responded to an inquiry sent by this site asking him why he is targeting universities in general and these universities in particular.

Update: In response to this site’s inquiry, “Attorney” emailed the following statement and posted a copy of it on Pastebin:

Greetz to @TeamCarbonic.

In response to this – http://www.databreaches.net/universities-hacked-data-dumped-by-marxistattorney/?utm_medium=twitter&utm_campaign=fk7h35y573m&utm_source=twitterfeed

I targeted universities for the sole pleasure of the “lulz” that came out of this. It is true, I have thousands upon thousands of logins, employee ids, and various other sensitive information regarding the universities. What I intend to do with this data is publicize it to undermine the idiots at the IT Team.

Regards,
Attorney

Apart from an initial response from U. of Kentucky saying that they were looking into things, DataBreaches.net has received no responses yet to the inquiries it sent to the universities asking them to confirm or deny they were hacked.

This might be a good time to remind everyone that no federal agency has really taken any point or serious interest in investigating data breaches in the education sector. The FTC claims it does not have authority over non-profits under Section 5 of the FTC Act. They have not responded substantively to this blogger’s analysis and EPIC’s analysis that the FTC does have authority under the Safeguards Rule if financial information is involved.

Update 2: A spokesperson for Abertay University responded to the inquiries from DataBreaches.net with the following statement:

The data to which you refer appears to have been hacked from a satellite site – www.daretobedigital.co.uk – which was set up to promote an annual computer games design competition which we run. While it carries the University’s branding, it is separate from the University’s main site – www.abertay.ac.uk – and is hosted on commercial servers, not the
University’s own servers. We are investigating the hack in conjunction with the commercial hosting company.

Update 3: On January 8, four days after notification, the U. of Maryland responded: “We take these matters seriously and are investigating the matter.

Update 4: This post did not mention Fordham University as an entity hacked by @MarxistAttorney, yet a representative from Fordham U. submitted a statement from the university in the Comments section below, presumably because #TeamCarbonic’s listing of universities on their web site includes Fordham.

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • @MarxistAttorney tweet suggests he’s been arrested (corrected and updated)
  • U. of Hawaii and Cornell University hacked by @MarxistAttorney
  • ProjectWestWind: TeamGhostShell hacks and dumps 120,000 records from 100 U.S. and non-U.S. universities (updated)
Category: Education SectorHack

Post navigation

← As I was saying….
Feds still unraveling extent of tax fraud in Miami Dade College student accounts →

6 thoughts on “Universities hacked, data dumped by @MarxistAttorney (Update4)”

  1. David says:
    January 6, 2015 at 1:28 pm

    Higher Ed has always been a porous pitcher to carry secure or private information … combine ad-hoc networking that grows like Kudzu; a community of scholars that can’t be bothered with mundane security; community of students (ever-changing) that is so natively digital that typical security hinders them only slightly (evidence the 7th graders in Alaska who staged a full scale faculty phishing exercise, leading to taking over the servers and then, via RAT, student laptop cameras and mics). But the most egregious gap occurs at quarterly board meetings, when governance of IT is given little or no shrift, compared to advancement and athletics.

    A HIPAA-like law is called for in education … FERPA’s protection being so limited in scope.

  2. Bob Howe says:
    January 10, 2015 at 11:02 am

    FORDHAM UNIVERSITY STATEMENT

    SATURDAY, JANUARY 10, 2015–Fordham University user information has not been compromised. The claim posted by @MarxistAttorney and Team Carbonic is recycled from 2010 (and again in 2014), and erroneously attributed data, ostensibly stolen from http://www.kaplanfinancial.com, to Fordham University. The actual content did not contain Fordham usernames nor passwords in 2010/2014, and still does not. Fordham values and vigorously defends the protection of its community’s Personally Identifiable Information (PII). The University will continue to monitor events surrounding this alleged breach.

  3. Attorney says:
    January 10, 2015 at 7:42 pm

    IN RESPONSE TO FORDHAM UNIVERSITY:
    I have never claimed to hack Fordham University, nor has Team Carbonic. You are pulling accusations out of your ass.

    1. Dissent says:
      January 10, 2015 at 8:05 pm

      Listed on your “dumps” page of your web site (until some time today) was “http://www.fordham.edu – Student Login Dump” with a link to http://yourattorney.nl/dumps/ford.txt.

  4. Attorney says:
    January 11, 2015 at 7:10 pm

    In response to Dissent;
    We simply mirrored the page on our site, we did not claim credit for hacking it (take a look at our twitter timeline or my personal twitter timeline for that matter). Keep in mind at the top of the web page it says in clear text “The web master hall of shame”, although we do mention it contains our personal dumps, we also include the dumps of various other individuals that don’t have a place to keep it.We removed it today to remove confusion from idiots such as Bob Howe.

    1. joel mchale says:
      January 15, 2015 at 9:25 am

      @attorney
      you’re a jackass attorney. GrowTFU and accept the fact that we rejected your admission request for the LULZ! We see through your childishness and you just don’t fit in with the status of the human race. There are many other planets to choose from, might I suggest you move to Uranus! now go away little girly man.

      and from this point on, watch your back!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.