DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Princeton University becomes victim of MongoDB ransom attacks

Posted on January 10, 2017 by Dissent

Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back.  The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access the files, exfiltrate them, edit them to corrupt the data, or just delete them all. In these cases, the attackers are deleting the databases.

The attack on Princeton was first detected by DataBreaches.net on January 7, and confirmed by Victor Gevers, the ethical hacker and founder of GDI who has been responsible for thousands of notifications.

Directory listing shows the replacement database
After the attack, the database was replaced with a database called PLEASE_READ that contained the ransom demand.

In this case, the replacement database provided an email address of [email protected] and the following note:

SEND 0.2 BTC TO THIS ADDRESS 1Hhb4rJY7hYFMLwE1j1834zWsNBRWXN9Sv AND CONTACT THIS EMAIL WITH YOUR IP OF YOUR SERVER TO RECOVER YOUR DATABASE !

The ransom demand that replaced Princeton’s database in their MongoDB installation.

DataBreaches.net sent notification to Princeton immediately and requested a statement from them as to what kinds of data were in the database – specifically, whether it included any student, faculty, or staff personal information.

A spokesperson informed DataBreaches.net today that the university would have no comment on the incident.  We don’t know, therefore, whether the data were exfiltrated or just deleted. The second thing we don’t know is whether this was a production database with unencrypted personal information or some other type of database. And third, we do not know whether the database was under Princeton’s direct control or under the control of one of their vendors.

Some transparency seems important here. If you’re a student or faculty member at Princeton, you may want to contact them and ask them for a direct answer as to whether unencrypted personal information was in that database.

And if you find out, please let this site know and we’ll update this post.

 

Category: Education SectorHackU.S.

Post navigation

← HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
Cosmetic surgery center discloses ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.