Prestigious Russian university puts student data at risk

Updated on: 08 June 2023

Paulina Okunytė
Journalist

Bauman university data leak — By Cybernews

Bauman University, the second oldest educational institution in Russia, had its internal system exposed, putting student data at risk.

Primarily based in Moscow, Bauman Moscow State Technical University is the second oldest university in the country. The university's history and prestige make it a highly sought-after choice among students.
A publicly accessible environment file (.env) exposed the university’s sensitive credentials, giving threat actors access to the university’s database and official communication channels.
Attackers could’ve exploited the leaked credentials for spear-phishing campaigns, identity theft, fraud, and ransomware attacks.
Cybernews contacted Bauman University, and the issue was fixed.

The Cybernews research team discovered a misconfiguration on Bauman University’s website, which exposed sensitive credentials and would’ve allowed threat actors to enter internal systems and exploit user data.

The website hosting the misconfiguration serves as an application platform for prospective students seeking bachelor’s or master’s degrees at the institution.

Data leaks like this serve as a stark reminder of the importance of top-notch cybersecurity measures, especially with educational institutions recently being the primary targets of ransomware attacks.

Cybernews contacted Bauman University multiple times, and the issue was fixed. The university has not responded to media requests for comment regarding the security measures they’ll implement to reduce the risk of future data leaks.

Access to internal systems

On March 29th, 2023, the Cybernews research team discovered a publicly accessible environment file (.env) belonging to the Mytishchi branch of Bauman University. Mytishchi hosts two faculties — the Faculty of Forestry and the Faculty of Space.

According to IoT search engines, the file has been publicly accessible since January 31st, 2023. One piece of sensitive information revealed by the environment file was database credentials. Exposing these credentials is hazardous and involves various risks.

For example, if malicious actors were able to exploit the credentials, they would’ve gained access to database content. Due to legal reasons, our researchers were unable to check the content for themselves. However, it’s highly likely that it contained sensitive student data.

And despite the database being hosted on a local server, a proficient hacker could still have gotten inside and extracted what they wanted.

Another piece of sensitive information exposed by the file was admin login credentials to the electronic application system for prospective students.

Unauthorized access to this platform might’ve resulted in the theft of student data. Malicious actors would then be able to view study applications, likely including a treasure trove of personal data such as passport information, addresses, contact details, previous studies, and grades.

Hijacking official communication

The environment file also exposed the Simple Mail Transfer Protocol (SMTP) credentials of the lead developer at the university.

A malicious actor could’ve utilized a trusted email account to compromise an official communication channel, enabling them to send phishing emails to university students, personnel, external parties, and possibly other developers.

The exposed keys might’ve allowed a threat actor to access previous communication potentially containing sensitive information.

Leaked data:

Database credentials

SMTP host, username, and password

Admin login credentials to the electronic application system for prospective students

Multiple risks

Exposing the environment file with sensitive credentials creates multiple cybersecurity risks, with students and faculty members being the main targets.

If malicious actors had used the credentials to access the university’s internal systems, they could’ve stolen private data and used it for crafting well-targeted spear-phishing campaigns, identity theft, and fraud.

Additionally, the university faces the looming specter of a ransomware attack. The potential consequences of a successful ransomware attack on the institution could disrupt critical operations, jeopardize sensitive data, and inflict significant financial and reputational damage.