DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Universities hacked, data dumped by @MarxistAttorney (Update4)

Posted on January 4, 2015 by Dissent

There’s someone else I need to follow, as he/they seems to be hacking a number of universities and colleges.

In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks, including,
California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University.

For each entity, there is a data dump for proof of claim; other data dumps are linked from his web site. DataBreaches.net is not linking to the individual data dumps, but has reached out to each of the universities mentioned above to ask them if they will confirm or deny that they have been hacked and that those are their data. The University of Kentucky has already acknowledged our inquiry and states that they are investigating the claimed hack.

This post will be updated as more information or responses become available, but in a quick attempt to verify the claims, DataBreaches.net found that one of the data dumps that had been labeled California State University had originally been posted elsewhere as a hack of the San Diego Zoo with attribution to “Paw Security(@PawSecReturns) #Op4Pawz.”

Google searches of strings in some other dumps did not locate any duplicates or previous postings.

Does “Attorney” have a gripe against U. of Maryland that contributed to it being targeted? Perhaps, as this tweet suggests:

You should’ve accepted me into your university #Carbonic http://t.co/V7Fga9bN5E@UofMaryland

— Carbonic (@teamcarbonic) December 10, 2014

Attorney has not yet responded to an inquiry sent by this site asking him why he is targeting universities in general and these universities in particular.

Update: In response to this site’s inquiry, “Attorney” emailed the following statement and posted a copy of it on Pastebin:

Greetz to @TeamCarbonic.

In response to this – http://www.databreaches.net/universities-hacked-data-dumped-by-marxistattorney/?utm_medium=twitter&utm_campaign=fk7h35y573m&utm_source=twitterfeed

I targeted universities for the sole pleasure of the “lulz” that came out of this. It is true, I have thousands upon thousands of logins, employee ids, and various other sensitive information regarding the universities. What I intend to do with this data is publicize it to undermine the idiots at the IT Team.

Regards,
Attorney

Apart from an initial response from U. of Kentucky saying that they were looking into things, DataBreaches.net has received no responses yet to the inquiries it sent to the universities asking them to confirm or deny they were hacked.

This might be a good time to remind everyone that no federal agency has really taken any point or serious interest in investigating data breaches in the education sector. The FTC claims it does not have authority over non-profits under Section 5 of the FTC Act. They have not responded substantively to this blogger’s analysis and EPIC’s analysis that the FTC does have authority under the Safeguards Rule if financial information is involved.

Update 2: A spokesperson for Abertay University responded to the inquiries from DataBreaches.net with the following statement:

The data to which you refer appears to have been hacked from a satellite site – www.daretobedigital.co.uk – which was set up to promote an annual computer games design competition which we run. While it carries the University’s branding, it is separate from the University’s main site – www.abertay.ac.uk – and is hosted on commercial servers, not the
University’s own servers. We are investigating the hack in conjunction with the commercial hosting company.

Update 3: On January 8, four days after notification, the U. of Maryland responded: “We take these matters seriously and are investigating the matter.

Update 4: This post did not mention Fordham University as an entity hacked by @MarxistAttorney, yet a representative from Fordham U. submitted a statement from the university in the Comments section below, presumably because #TeamCarbonic’s listing of universities on their web site includes Fordham.

Category: Education SectorHack

Post navigation

← As I was saying….
Feds still unraveling extent of tax fraud in Miami Dade College student accounts →

6 thoughts on “Universities hacked, data dumped by @MarxistAttorney (Update4)”

  1. David says:
    January 6, 2015 at 1:28 pm

    Higher Ed has always been a porous pitcher to carry secure or private information … combine ad-hoc networking that grows like Kudzu; a community of scholars that can’t be bothered with mundane security; community of students (ever-changing) that is so natively digital that typical security hinders them only slightly (evidence the 7th graders in Alaska who staged a full scale faculty phishing exercise, leading to taking over the servers and then, via RAT, student laptop cameras and mics). But the most egregious gap occurs at quarterly board meetings, when governance of IT is given little or no shrift, compared to advancement and athletics.

    A HIPAA-like law is called for in education … FERPA’s protection being so limited in scope.

  2. Bob Howe says:
    January 10, 2015 at 11:02 am

    FORDHAM UNIVERSITY STATEMENT

    SATURDAY, JANUARY 10, 2015–Fordham University user information has not been compromised. The claim posted by @MarxistAttorney and Team Carbonic is recycled from 2010 (and again in 2014), and erroneously attributed data, ostensibly stolen from http://www.kaplanfinancial.com, to Fordham University. The actual content did not contain Fordham usernames nor passwords in 2010/2014, and still does not. Fordham values and vigorously defends the protection of its community’s Personally Identifiable Information (PII). The University will continue to monitor events surrounding this alleged breach.

  3. Attorney says:
    January 10, 2015 at 7:42 pm

    IN RESPONSE TO FORDHAM UNIVERSITY:
    I have never claimed to hack Fordham University, nor has Team Carbonic. You are pulling accusations out of your ass.

    1. Dissent says:
      January 10, 2015 at 8:05 pm

      Listed on your “dumps” page of your web site (until some time today) was “http://www.fordham.edu – Student Login Dump” with a link to http://yourattorney.nl/dumps/ford.txt.

  4. Attorney says:
    January 11, 2015 at 7:10 pm

    In response to Dissent;
    We simply mirrored the page on our site, we did not claim credit for hacking it (take a look at our twitter timeline or my personal twitter timeline for that matter). Keep in mind at the top of the web page it says in clear text “The web master hall of shame”, although we do mention it contains our personal dumps, we also include the dumps of various other individuals that don’t have a place to keep it.We removed it today to remove confusion from idiots such as Bob Howe.

    1. joel mchale says:
      January 15, 2015 at 9:25 am

      @attorney
      you’re a jackass attorney. GrowTFU and accept the fact that we rejected your admission request for the LULZ! We see through your childishness and you just don’t fit in with the status of the human race. There are many other planets to choose from, might I suggest you move to Uranus! now go away little girly man.

      and from this point on, watch your back!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report