- Hackers gained access to university systems through stolen SSO credentials, stealing data on 1.2 million people.
- A mass offensive email followed a partial lockout; the university later confirmed that the breach was real
- The attack exploited weak MFA enforcement among senior staff through social engineering
It seems the “obviously false” and “fraudulent” claims recently made by the University of Pennsylvania hackers aren't so “obviously false” and “fraudulent” after all, as the organization has now confirmed that hackers stole files from its systems.
Cybercriminals recently disclosed that they gained “full access” to a university employee's PennKey SSO account, giving them access to the university's VPN, Salesforce data, Qlik analytics platform, SAP business intelligence and SharePoint files. Using this access, they stole data on approximately 1.2 million students, alumni and donors.
The stolen information allegedly includes people's names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic information (race, religion, sexual orientation, and the like).
Attack investigation
After being kicked out of most of the network, the attackers used their remaining access to send an angry email to approximately 700,000 recipients:
“Penn State is an elitist institution full of woke retards. We have terrible security practices and are completely unmeritocratic,” the email said.
“We hire and hire idiots because we love legacy, donors and the recognition of unconditional affirmative action. We love to break federal laws like FERPA (all your data will be exposed) and Supreme Court rulings like SFFA.”
The University of Pennsylvania initially described the emails as “obviously false” and “fraudulent,” but in a recent update backtracked on those claims:
“Penn staff quickly locked down the systems and prevented further unauthorized access; however, not before an offensive and fraudulent email was sent to our community and the information was captured by the attacker,” the update states. “Penn is still investigating the nature of the information received during this time.”
Penn also stated that the attack was carried out through social engineering. Most employees need to use multi-factor authentication (MFA), but according to TechCrunch, some members of senior management were allowed to skip this step.
Via TechCrunch






