近日,圈小蛙看到,名为”Valerie“的威胁行为者正在暗网BreachForums论坛出售2024年6月1日的香港中文大学用户数据库:
On June 1st, the Chinese University of Hong Kong (CUSCS) suffered a breach of about 100k students, including employees, part-time tutors, students, graduates and some visitors. 75% of the data was given to a private party; responsible of financing the breach.
The rest of the data was not shared, so upon multiple offers, we decided to make a public sell.
帖子称,香港中文大学(CUSCS)的约10万名学生(包括员工、兼职导师、学生、毕业生和部分访客)的数据遭到泄露。其中75%的数据被提供给了一家私人公司,该公司负责为漏洞提供资金。其余数据未被共享,因此在多方提议下,”Valerie“决定公开出售。
出售的数据包括:
Users.csv ─────────────────── 36k
courseid_1_participants.csv ───────── 5k
courseid_1_participants(2).csv ─────── 5k
帖子提供了一些样本数据:
id,username,email,firstname,lastname,idnumber,institution,department,phone1,phone2,city,country,profile_field_skype,profile_field_yahoo,profile_field_url
17534,30293298,tsang[email protected],"Hiu Man",TSANG,30293298,,,,,,,,, 20480,30301455,303[email protected],"Hiu Man",WONG,30301455,,EEL,,,HK,HK,,,
6324,30257250,hu[email protected],"Hiu Man",YAU,30257250,,,,,,,,, 7685,30269660,302[email protected],"Hiu Mei",CHAN,30269660,,ADM,,,HK,HK,,,
10192,30262477,302[email protected],"Hiu Mei",CHEUNG,30262477,,SSE,,,HK,HK,,, 23291,30311022,s0[email protected],"Hiu Mei",LEUNG,30311022,,"PT Students",,,,,,,
8603,30257531,hm[email protected],"Hiu Mei",WONG,30257531,,"PT Students",,,,,,, 12715,30223626,mi[email protected],"Hiu Min",WONG,30223626,,"PT Students",,,,,,,
1832,30242089,302[email protected],"Hiu Ming",LAM,30242089,,ADM,,,HK,HK,,, 24646,30147710,mi[email protected],"Hiu Ming Micheal",CHAN,30147710,,"PT Students",,,,,,,
8836,30264623,[email protected],"Hiu Nam",CHAN,30264623,,"PT Students",,,,,,,
10638,30277697,302[email protected],"Hiu Nam",CHAN,30277697,,EEL,,,HK,HK,,, 26249,30319495,hi[email protected],"Hiu Nam Hilda",LAI,30319495,,"PT Students",,,,,,,
16385,30290560,nico[email protected],"Hiu Nam",KO,30290560,,,,,,,,, 11340,30280755,lam[email protected],"Hiu Nam",LAM,30280755,,"PT Students",,,,,,,
20018,30294690,302[email protected],"Hiu Nam",TANG,30294690,,SSE,,,HK,HK,,, 24201,30173581,krysta[email protected],"Hiu Ngan",HO,30173581,,"PT Students",,,,,,,
19615,wonghiuning,wong[email protected],"Hiu Ning",Wong,wonghiuning,,,,,,,,, 6862,30261767,302[email protected],"Hiu Nok Michelle",CHEUNG,30261767,,SSE,,,HK,HK,,,
22071,30306444,dest[email protected],"Hiu Pan",CHEN,30306444,,"PT Students",,,,,,, 20439,30300969,303[email protected],"Hiu Pan",FONG,30300969,,SSE,,,HK,HK,,,
2763,30255394,302[email protected],"Hiu Pan",YEUNG,30255394,,ADM,,,HK,HK,,, 2770,30255413,302[email protected],"Hiu Ping",KOO,30255413,,HS,,,HK,HK,,,
11309,30280472,chen[email protected],Zicheng,CHEN,30280472,,"PT Students",,,,,,, 23671,30309536,303[email protected],Zicong,CHEN,30309536,,ADHAS,,,HK,HK,,,
19168,arthurzhou,art[email protected],"Zifeng Arthur",Zhou,artu,,"PT Students",,,,,,,
12590,30280245,koot[email protected],Zihang,GU,30280245,,"PT Students",,,,,,, 23580,30307944,303[email protected],Zihao,WANG,30307944,,HS,,,HK,HK,,,
23529,30306892,303[email protected],Zihao,ZHAN,30306892,,ADHAS,,,HK,HK,,, 23813,30311488,303[email protected],Zihao,ZHENG,30311488,,ADHAS,,,HK,HK,,,
701,30214095,302[email protected],Ziheng,CHEN,30214095,,GCD,,,HK,HK,,, 22350,30276336,chen[email protected],Zijing,CHEN,30276336,,"PT Students",,,,,,,
据媒体报道,香港中文大学专业进修学院(CUSCS)6月份遭黑客攻击,CUSCS周四表示,Moodle网上学习平台于6月3日遭黑客攻击。
被黑客窃取的信息包括20870个Moodle帐户的姓名、电邮地址和学号,包括员工、兼职导师、学生、毕业生和部分访客。
学院表示,已停用相关帐户、重设密码、将网上学习平台与相关服务器分离,并加强安全措施,在三次登录失败后封锁帐户。
学院还成立了由院长、副院长、信息技术服务总监、行政总监和传讯及公共关系总监组成的危机管理小组,以评估风险。
CUSCS表示,港中大也已收到有关事件的通知。
学院委任的资讯科技保安顾问已即时展开调查,并无发现大量资料外泄,相关资料亦没有出现在暗网上。
学院亦已向警方报案,校方亦已按既定程序通知个人资料私隐专员公署(PCPD)。
PCPD周四表示,已接获有关事件的投诉。