Reveal personal data of more than 1.3 million people from a vulnerability in web application

Georgia Tech (Georgia Institute of Technology) - one of the largest US education institutions recently announced the discovery of a serious data breach targeting its system, affecting nearly 1.3 million people. .

More specifically, according to a message from Georgia Tech posted on April 3, 2019, the organization's security experts discovered an unauthorized access to its web application, at the same time. Disclosure of personal information of nearly 1.3 million people who once connected with Georgia Tech including faculty, students, staff, and even high school and college students.

Reveal personal data of more than 1.3 million people from a vulnerability in web application Picture 1

1. Hackers antivirus application preinstalled on Xiaomi phones into malware

Basically, there was a security hole in the Web application of Georgia Tech that was exploited by hackers to gain unauthorized access to the personal information store stored on the agency's network. Web developers at Georgia Tech are now investigating a number of issues related to the performance of one of the web applications they consider contain unauthorized access. The initial investigation showed that in fact, the incident began in mid-December last year, specifically on December 14, 2018.

Carefully analyzing the FAQ for data breach notification by Georgia Tech, the agency's application developers have noticed a significant impact on performance in one of their web applications. me Therefore, they began a secret investigation on March 21, 2019, and the result is as we know it.

Reveal personal data of more than 1.3 million people from a vulnerability in web application Picture 2

1. Insider attacks are becoming more and more popular and difficult to detect

For a while, Georgia Tech discovered that the breach led to personal data including names, addresses, internal identification numbers, birth dates and social security indicators of current students. study, alumni, faculty and also staff, as well as the institute's college-preparatory candidates who have been hacked by unauthorized attackers and may have been 'out Outside 'on the black market trading data. Georgia Tech has begun sending detailed notices to affected individuals as soon as the case is discovered.

Unfortunately, at the present time, the security team of this institute has not been able to identify the identity and origin of those behind the serious infringement. The only information that Georgia Tech could claim was that their central data warehouse was 'illegally accessed by an unidentified entity outside the intranet system'. Current thorough forensic investigations are being rushed to determine exactly what information is extracted from the system (including names, addresses, social security numbers and birth dates), not exclude the possibility that Georgia Tech will have to resort to the help of federal security agencies if things go out of their control.

Reveal personal data of more than 1.3 million people from a vulnerability in web application Picture 3

1. The list of nearly 600 MAC addresses was targeted in the recent hacking of millions of ASUS computer users

Currently, the vulnerability to this serious security issue has been patched, and Georgia Tech is also actively monitoring and dealing with vulnerabilities that may exist in its network. The US Education Administration and the University of Georgia System have now been notified of the case as well as details of the ongoing investigation.

This is the second security incident affecting Georgia Tech in just one year. According to DataBreaches.net's report, in July 2018, nearly 8,000 students were affected by a breach of personal data stemming from the unfortunate reason when an Georgia Tech employee was unconscious. attached to a spreadsheet file containing confidential student data and emailed to other students. In this case, shared data includes ID numbers, home addresses, Visa information, GPA and student learning outcomes.