DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Princeton University becomes victim of MongoDB ransom attacks

Posted on January 10, 2017 by Dissent

Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back.  The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access the files, exfiltrate them, edit them to corrupt the data, or just delete them all. In these cases, the attackers are deleting the databases.

The attack on Princeton was first detected by DataBreaches.net on January 7, and confirmed by Victor Gevers, the ethical hacker and founder of GDI who has been responsible for thousands of notifications.

Directory listing shows the replacement database
After the attack, the database was replaced with a database called PLEASE_READ that contained the ransom demand.

In this case, the replacement database provided an email address of [email protected] and the following note:

SEND 0.2 BTC TO THIS ADDRESS 1Hhb4rJY7hYFMLwE1j1834zWsNBRWXN9Sv AND CONTACT THIS EMAIL WITH YOUR IP OF YOUR SERVER TO RECOVER YOUR DATABASE !

The ransom demand that replaced Princeton’s database in their MongoDB installation.

DataBreaches.net sent notification to Princeton immediately and requested a statement from them as to what kinds of data were in the database – specifically, whether it included any student, faculty, or staff personal information.

A spokesperson informed DataBreaches.net today that the university would have no comment on the incident.  We don’t know, therefore, whether the data were exfiltrated or just deleted. The second thing we don’t know is whether this was a production database with unencrypted personal information or some other type of database. And third, we do not know whether the database was under Princeton’s direct control or under the control of one of their vendors.

Some transparency seems important here. If you’re a student or faculty member at Princeton, you may want to contact them and ask them for a direct answer as to whether unencrypted personal information was in that database.

And if you find out, please let this site know and we’ll update this post.

 

Category: Education SectorHackU.S.

Post navigation

← HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
Cosmetic surgery center discloses ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.