ProctorU Disclosed a Major Data Breach That Might Have Leaked the Passwords of Over 440,000 People

ProctorU Data Breach

In response to an Australian student magazine by the name of Honi Soit, ProctorU announced on Twitter that it has suffered a data breach. Later, the provider of proctoring solutions for online exams issued an official statement that was only marginally longer and more detailed than the tweet.

The statement said that on July 27, a file containing around 444 thousand records stolen from ProctorU appeared on a hacking forum. The exposed database contained information related to accounts created prior to March 2015 and did not include any financial details, Social Security numbers, or IDs. By the time the announcement came out, ProctorU had already identified the point of entry and had kicked the intruders out. Measures were taken to improve the platform's security, and an investigation was underway to determine what happened exactly.

ProctorU's notice makes it sound like the breach is not a big deal. There is evidence to suggest that this is not quite the case.

The details are still unclear

ProctorU doesn't appear to have put too much effort into disclosing the attack. The announcement says nothing about how the intruders got in, and although the online proctoring platform said that no financial data was exposed, it didn't explain what sort of information got leaked exactly.

According to screenshots of the forum post that advertised the database, the records included names, email addresses, physical addresses, phone numbers, affiliated organizations, and other data. There were passwords in the database as well, but it's not yet clear how well they were protected. Bleeping Computer says that the credentials were hashed, though the hashing algorithm remains unknown. Honi Soit, on the other hand, claims that the login data is "unencrypted." In an ideal world, ProtctorU will intervene and will reveal how it protects users' passwords. Unfortunately, ProctorU's reluctance to talk about the breach shows that we don't live in an ideal world.

Shiny Hunters strikes again

The data was uploaded by a cybercriminal known as Shiny Hunters. Shiny Hunters gained notoriety earlier this year when they started selling huge volumes of information stolen from a wide variety of online services.

The ProctorU data was first posted on the underground forums as a part of a large batch of stolen databases, and Shiny Hunters initially wanted to monetize it. Later, however, they leaked it for free, and it can now be downloaded by anyone with an internet connection.

People who used ProctorU before March 2015, should definitely bear this in mind, and, given the lack of details surrounding the breach, even users with newer accounts could do worse than be a bit more careful.

By Duran
August 11, 2020
News
English
August 11, 2020
News

Popular Posts

'123456' and 'password' Are Still the Worst Passwords You Can...

5 years ago

Did You Save Your Password on a Public Computer? Here's How to...

4 years ago

Cybercriminals Use Coronavirus-Themed Spam to Spread Malware

3 years ago

Cybercrooks Taking Advantage of the Global Pandemic to Profit...

3 years ago

As Fears of the Coronavirus Pandemic Spread, So Does...

3 years ago

CoronaVirus Ransomware Emerges Amid Mass Panic to Cloak KPOT...

3 years ago

Related Posts

News

T-Mobile Data Breach Forces Customers to Change Their Passwords

Over the weekend, T-Mobile customers started receiving text messages that got them quite worried. Their telecommunication provider had suffered a data breach, which resulted in unauthorized access to customer... Read more

November 26, 2019
News

Passwords, Addresses, and Payment Card Data Were Leaked During a Vision Direct Data Breach

Vision Direct, a large, multi-national online retailer of contact lenses, glasses, and other eyecare products recently suffered a data breach which exposed the personal information of some of its customers. This type... Read more

November 21, 2018
News

Slack Started Resetting Passwords That Were Affected During the 2015 Data Breach

Can a data breach that happened and was remedied some four years ago impact people right now? Last week, popular work collaboration and instant messaging service Slack showed us that this is indeed possible. Let's... Read more

July 23, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Cyclonis Limited's Discount Terms Cyclonis Limited's Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2023 Cyclonis Ltd. CYCLONIS is a trademark of Cyclonis Ltd. All rights reserved.

Registered Office: 3 Castle Street, Penthouse, Dublin D02KF25, Ireland.
Cyclonis Limited, Private Company Limited by shares, Company Registration Number 574974.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.