ProctorU, an online exam proctoring platform, has revealed that it was the victim of a massive data breach; ProctorU is designed to prevent teachers from cheating when students take online exams.
The company was one of 18 organizations whose databases containing 386 million records were stolen by hackers since January; in late July, all databases were offered for free on an online hacker forum.
According to Bleeping Computer, which examined the stolen information, the ProctorU database apparently contains information on 444,000 people, including names, home addresses, emails, cell phone numbers, hashed passwords, and organizational details. Presumably, most of the records relate to current or recent college students.
Last week, ProctorU responded to the University of Sydney's student newspaper with a tweet, confirming that there had been a data breach.
A subsequent ProctorU blog post reiterated the tweeted information, claiming that "records are from 2014 and contain no financial information."
However, according to Bleeping Computer, the database included educational institutions such as UCLA, Harvard, Princeton, Yale, Northern Virginia Community College, University of Texas, Columbia University, University of California at Davis, and Syracuse University included email addresses associated with the following institutions. There were also email addresses associated with the U.S. military.
BleepingComputer claims to have come across details of people who registered with ProctorU in 2012, 2013, 2014, 2015, and 2017.
A ProctorU blog post stated that "ProctorU has disabled the server, terminated access to the environment, and is investigating this incident."
It added, "ProctorU has implemented additional security measures to prevent a recurrence. We have begun notifying affected universities and organizations and will continue to do so."
He added.
To minimize the damage of a data breach, one should set strong passwords, not reuse passwords on different websites, enable two-factor authentication whenever possible, and use one of the best password managers available.
Jake Moore, a security specialist at ESET, told Tom's Guide, "While most of the data released appears to be outdated, there is always a risk that much of this data is still valid today and of interest to cybercriminals."
"Some of the passwords used years ago on some of these accounts may still be in use today on other linked accounts," Moore added. It is important for those affected to check their accounts and make sure that all passwords are unique and long." Any data that has been compromised, no matter how old, is of value to hackers.
Comments