Online examination tool, ProctorU hacked by Shiny Hunters hacking group, a database containing personal identifiable information of 440,000 users leaked
Shiny Hunters hacking group is back in action with a new data breach. This time they have hacked into the webservers of ProctorU. In the process, they managed to steal a database of nearly 444,267 users of ProtorU and leaked it online.
ProctorU is an online proctoring service or an exam taking tool. It is an American firm and used by many universities and colleges to conduct long-distance examinations. ProctorU allows exam-takers to complete their assessment at home. This is a convenient option for students who are taking courses at a distance. Students log in using their own microphone and webcam and pay a per-exam fee.
The ProctorU website was hacked by the Shiny Hunters hacking group which gained infamy in May by hacking into webservers of nearly 16 tech companies like Couchsurfing, WattPad, Minted, Bhinneka, Dunzo, Dave.com, and many others. After stealing the database, Shiny Hunters leaked the data on online hacker forums like Raid Forum. The ProctorU database contains information about different individuals and organizations, including various education institutes, companies, and users ProctorU.
Since ProctorU is used by many universities and colleges, the database contains information about the students and even professors from these colleges. The data leaked online include sensitive user information like which include usernames, passwords, full names of the individuals, contact no, and residential address and can be used for stalking, hacking, extortion, and even identity theft.
Most universities and colleges worldwide have been affected by this breach, as they relied on ProctorU for conducting online examinations. The ProctorU platform became even more popular among colleges/universities after the lockdown due to coronavirus pandemic.
Most universities using ProctorU services have told their faculty and students to change their usernames and passwords immediately. Sydney University has released a statement related to the breach expressing concern for the event.
The ProctorU data breach raises concerns about privacy also. ProctorU is known to keep tabs the students’ webcams and microphones and save this data on their servers. Many students have complained about the techniques used by ProctorU while conducting exams. It is known to be very intrusive. In fact, the ProctorU tool asks the students to show their surroundings, and also had control over the user’s computer. It could be possible that ProctorU could send these data to third parties. “We consistently warned the University that this could happen. We demand the University immediately suspend the use of ProctorU, as that is the only way to guarantee that students are not exposed again in the future,” said the Student Council of the Sydney University.