Harvard University Hacked. Personal Data Uploaded to BitTorrent

March 13, 2008 by PatB | 3 comments

There is a reason for information security and best practices. Ignoring basics like setting strong passwords and having an account lockout policy will have perilous consequences. Just ask the 10,000 applicants to Harvard Graduate School of Arts and Sciences who had their personal information, including their Social Security numbers, uploaded to BitTorrent. That data is there because the Harvard server admin used an easily guessable password.

From the AP here:

Harvard says about 10,000 of last year’s applicants may have had their personal information compromised, with 6,600 having their Social Security numbers exposed.

The school says it will provide the applicants with free identity theft recovery services and help them with credit monitoring and fraud alerts.

The details of the hack were posted last month at Torrent Freak here:

A Harvard University website has become the victim of a major security breach. A torrent currently tracked by The Pirate Bay which links to a 125mb .zip file, claims to be the backup from the Harvard Graduate School of Arts and Sciences website.

The backup contains three other major database files and a .NFO file included with the release says in broken English: “Maybe you don’t like it but this is to demonstrate that persons like tgatton(admin of the server) in they don’t know how to secure a website.”

A file included with the release labeled password.txt carries a message:

Thomas gatton….stupid people, you don’t use a secure password.

This appears to be a reference to Thomas Gatton, Systems Administrator and User Support Specialist at Harvard.

It’s one thing to be rejected by an Ivy League school. It’s quite another for the Ivy League school to allow you to become the victim of identity theft.


3 Responses to “Harvard University Hacked. Personal Data Uploaded to BitTorrent”

  1. [...] applicants to the Faculty of Arts and Sciences at Harvard University saw their data placed on the web via BitTorrent. The data contained personal information, including the numbers of the [...]

  2. [...] Harvard University Hacked. Personal Data Uploaded to BitTorrent (note to self: suggest to J that he withdraw his resume from the Harvard IT department) [...]
