[ISN] Hackers may have accessed Duke information

From: InfoSec News (alerts@private)
Date: Tue Dec 04 2007 - 22:21:07 PST

Previous message: InfoSec News: "[ISN] China hits back at 'slanderous and prejudiced' alert over cyber spies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.newsobserver.com/news/story/811419.html

By Marlon A. Walker
staff writer
Dec 04, 2007

DURHAM - The Social Security numbers of about 1,400 prospective Duke Law 
School students may have been accessed by a hacker to the schools Web 
site, officials said Tuesday.

An editor working on the site Thursday afternoon found several links 
that were not authorized, Duke Law School spokeswoman Melinda Vaughn 
said Tuesday evening. She said the site was immediately taken offline 
and an investigation into how the links were put on the site commenced.

Vaughn said two databases one for students who have requested 
information on the law school and one for students who have already 
submitted applications were available for viewing by hackers. The 
database for interested students included the social security numbers of 
about 1,400 students. The issues for applicants were e-mail addresses 
and user-generated passwords used to check their application status to 
the law school. About 1,800 people were registered on the second 
database, she said.

We were concerned that some of those people might have used the same 
passwords that they used on other sites, Vaughn said.

In an e-mail to the affected students, associate dean of admissions 
William J. Hoye alluded to the fact that the information may not have 
been breached.

"We have no evidence that the intruders actually downloaded or acquired 
any of this information," Hoye said in the e-mail, sent Tuesday. 
"Nonetheless, we know they had the opportunity and the tools to do so."

The school is telling those affected to monitor their credit as a 
precaution. A phone number and e-mail address have also been set up for 
anyone to get answers to any questions regarding the breach.

Vaughn said personal information of two current students was possibly 
compromised in the site breach. Those two, she said, were among the 
prospective students who had generated passwords to check their 
application status.

Tuesday evening, a note on the Duke Law School Web site said some of its 
content continued to be unavailable for access. Vaughn said she expected 
the site to be back online as soon as Tuesday night.

Were certainly continuing the investigation, she said. We still dont 
know what happened and who did it.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/

Previous message: InfoSec News: "[ISN] China hits back at 'slanderous and prejudiced' alert over cyber spies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Dec 04 2007 - 22:35:32 PST