Today I was contacted via Twitter by Mys7erioN who revealed me to have hacked into the database of a US organization, the Michigan State University.
As proof of the hack, Mys7erioN published on Pastebin the records of the table containing user data, including ‘user,’ including names, logins, phone numbers, emails published and encrypted passwords.
Mys7erioN is a young hacker, he told me that he is 17 years old from the Netherlands that is studying IT security at the school.
He was scanning some websites when discovered an SQL injection vulnerability in the systems of the Michigan State University.
In the following image is reported the list of tables included in the hacked database.
One of the tables, “gelstaff_mp2016” seems to be an updated list of users. The hacker also published it on Pastebin, a total of roughly 500 personal information and 222 logins.
This isn’t the first time the Michigan State University is hacked, in 2012 the hacker DARWINARE published approximately 1,500 names, e-mail addresses, encrypted passwords, user IDs and mailing addresses stolen from the University.
(Security Affairs – Michigan State University, data breach)