- Hackers accessed university systems via stolen SSO credentials, stealing data from 1.2 million people
- An offensive mass email followed a partial lockout; the university later confirmed that the breach was real
- The attack exploited weak MFA enforcement among senior staff through social engineering
It appears that the “obviously false” and “fraudulent” claims recently made by the University of Pennsylvania hackers are not so “obviously false” and “fraudulent” after all, as the organization has now confirmed that the hackers stole files from its systems.
Cybercriminals recently revealed that they had gained “full access” to a University employee’s PennKey SSO account, which gave them access to his VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files. Using that access, they stole data from approximately 1.2 million students, alumni and donors.
The stolen information allegedly includes people’s names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details (race, religion, sexual orientation, and the like).
Investigating the attack
After being locked out of most of the network, the attackers used their remaining access to send an angry email to approximately 700,000 recipients:
“The University of Pennsylvania is an elitist institution full of mentally retarded people. We have terrible security practices and are not at all meritocratic,” the email said.
“We hire and admit morons because we love legacies, donors, and unconditional affirmative action. We love violating federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA.”
The University of Pennsylvania initially described the emails as “obviously false” and “fraudulent,” but walked back these claims in a recent update:
“Penn staff quickly locked down systems and prevented unauthorized access; however, not before an offensive and fraudulent email was sent to our community and information was taken by the attacker,” the update reads. “Penn is still investigating the nature of the information that was obtained during this time.”
Penn also said the attack was carried out through social engineering. Most employees are required to use multi-factor authentication (MFA), but according to TechCrunch, some of the higher-ups were allowed to skip this step.
Via TechCrunch




