Online exam tool ProctorU admits breach after hackers leak its database

ProctorU database containing 444,267 accounts was leaked by ShinyHunters.

 

ProctorU database containing 444,267 accounts was leaked by ShinyHunters hackers on July 27th, 2020.

A data breach has affected almost half a million users of an online examination tool ProctorU, which is widely used by educational institutions worldwide.

The hackers from the Shiny Hunters group has published the database online, exposing details of 444,267 users, Hackread.com can confirm.

The tool provides automated and live online proctoring services to professional and educational institutions. It is developed by an American firm ProctorU.

The records, as seen by Hackread.com belong to different institutions, companies, and registered ProctorU users. The exposed database is part of a much extensive data exposure by the ShinyHunters hacker group.

Reportedly, there are 386 million user records that ShinyHunters have posted online within a week including WattPad, Dunzo, Dave.com, Couchsurfing, Bhinneka, Minted, etc.

 

The compromised database on the other hand contains sensitive information, including usernames, full names, phone numbers, complete residential addresses, and password hashes.

Online exam tool ProctorU suffers data breach; 444,000 user accounts leaked
Screenshot from leaked ProctorU database (Image: Hackread.com)

Along with that, the database contains email addresses from:

University of Illinois Urbana-Champaign
The University of Texas at Arlington
Rochester Institute of Technology
QA Ltd, UK’s digital education and skills providers

The University of Melbourne
McNeese State University in Lake Charles, Louisiana
The Swinburne University of Technology
Education | Bloomberg Professional Services
The University of Tasmania
The University of Queensland
The University of New South Wales
James Cook University
The University of Western Australia
Adelaide University 
Curtin University
The University of Sydney staff members and several other educational institutions.

 

The University of Sydney had engaged the American firm to oversee online exams for the current semester, as educational institutes worldwide have switched to online learning because of the COVID-19 pandemic.

After the news of the data breach broke, the university issued a statement to Honi on August 5:

“We are aware of recent reports of a cybersecurity incident impacting ProctorU, and have been in contact with them to confirm the circumstances of the alleged breach and whether any University data has been impacted.”

 

Critics have pointed fingers over the university for its shoddy use of the tool, considering that ProctorU’s use violates student privacy laws. It is argued that ProctorU’s supervision tactics used on students undertaking exams are highly invasive.

The tool requires students to show their rooms on camera, and proctors can remotely control the computer devices used by the students to give exams. This practice makes it probable to transfer user data to third parties without the user’s consent.

It is worth noting that the Students’ Representative Council had already urged the University of Sydney not to engage ProctorU. Now that the data breach has occurred, the council’s president Liam Donohoe released a statement claiming that the organization is ‘extremely troubled’ by the news.

 “We consistently warned the University that this could happen. We demand the University immediately suspend the use of ProctorU, as that is the only way to guarantee that students are not exposed again in the future,” Donohoe stated.

 

On August 6, the university’s spokesperson confirmed that they met with ProctorU’s CEO to investigate the issue, and the company has agreed to investigate the breach of confidential data.

Online exam tool ProctorU suffers data breach; 444,000 user accounts leaked

Update: 

ProctorU has concluded its  investigation into the breach and issued a statement stating that:

“If you did not have an account with ProctorU as of March of 2015 or before, your information was not affected. The records did not contain any financial information, social security numbers, government-issued IDs, or test session recordings.”

For more, you can visit the security update issued by the company.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Total
0
Shares
Related Posts