Top US university data for sale on dark web


A threat actor on the dark web has claimed possession of data affiliated with numerous high-profile universities in the US.

The universities in question include various Ivy League schools, such as Princeton University and Stanford University, along with the University of Chicago and Duke University.

The information allegedly gathered by the hacker includes email addresses and names of those who are affiliated with the universities, as first reported by The Cyber Express.

ADVERTISEMENT

The Cybernews research team confirmed the validity of the ad that was posted to BreachForums on the 5th of March, 2024.

The threat actor, whose alias on the site is ‘Ynnian,’ has titled the post “University Databases” uchicago.edu/ duke.edu / princeton.edu / stanford.edu.

The post features a long leak date from 2021 to 2024. The post itself was created on the 5th of March 2024.

It’s not uncommon for academic institutions to suffer data breaches, as these institutions handle a large amount of personal and highly valuable information regarding faculty and students.

In recent years, there has been a multitude of cyber attacks aimed at universities. These include an attack on Carnegie Mellon University and on Indiana University that exposed 250k user records.

According to exclusive research by Cybernews, many universities worldwide, including some of the most prestigious, leave their web pages unpatched, leaking sensitive information and even open to full takeovers.

These lax cybersecurity practices demonstrate the need for more advanced measures in universities and academic institutions.

The validity of Ynnian’s claim remains unknown. However, if the information is accurate and the threat actor does have access to a host of personal information from top US universities, it could have far-reaching implications for staff, students, and faculty at Duke, Princeton, Stanford, and the University of Chicago.

ADVERTISEMENT

Cybernews has contacted all universities for comment.