ProctorU Disclosed a Major Data Breach That Might Have Leaked the Passwords of Over 440,000 People
In response to an Australian student magazine by the name of Honi Soit, ProctorU announced on Twitter that it has suffered a data breach. Later, the provider of proctoring solutions for online exams issued an official statement that was only marginally longer and more detailed than the tweet.
The statement said that on July 27, a file containing around 444 thousand records stolen from ProctorU appeared on a hacking forum. The exposed database contained information related to accounts created prior to March 2015 and did not include any financial details, Social Security numbers, or IDs. By the time the announcement came out, ProctorU had already identified the point of entry and had kicked the intruders out. Measures were taken to improve the platform's security, and an investigation was underway to determine what happened exactly.
ProctorU's notice makes it sound like the breach is not a big deal. There is evidence to suggest that this is not quite the case.
The details are still unclear
ProctorU doesn't appear to have put too much effort into disclosing the attack. The announcement says nothing about how the intruders got in, and although the online proctoring platform said that no financial data was exposed, it didn't explain what sort of information got leaked exactly.
According to screenshots of the forum post that advertised the database, the records included names, email addresses, physical addresses, phone numbers, affiliated organizations, and other data. There were passwords in the database as well, but it's not yet clear how well they were protected. Bleeping Computer says that the credentials were hashed, though the hashing algorithm remains unknown. Honi Soit, on the other hand, claims that the login data is "unencrypted." In an ideal world, ProtctorU will intervene and will reveal how it protects users' passwords. Unfortunately, ProctorU's reluctance to talk about the breach shows that we don't live in an ideal world.
Shiny Hunters strikes again
The data was uploaded by a cybercriminal known as Shiny Hunters. Shiny Hunters gained notoriety earlier this year when they started selling huge volumes of information stolen from a wide variety of online services.
The ProctorU data was first posted on the underground forums as a part of a large batch of stolen databases, and Shiny Hunters initially wanted to monetize it. Later, however, they leaked it for free, and it can now be downloaded by anyone with an internet connection.
People who used ProctorU before March 2015, should definitely bear this in mind, and, given the lack of details surrounding the breach, even users with newer accounts could do worse than be a bit more careful.