A hacker going with the online handle of Kuroi SH hacked and defaced several domains of the United States based Uniformed Services University and leaked 2014 login credentials online.
Uniformed Services University (USU) is the country’s only Federal Health Sciences University whose primary mission is to prepare graduates for service to the U.S. at home and abroad in the military’s medical corps. It also provides training to military physicians, nurses and educators.
The hacker uploaded a deface page on 8 of the USU websites on which a database of all the websites, names, emails and clear-text passwords of those working for the university are held.
The leaked emails are hosted on @usuhs.mil, @us.army.mil, @med.navy.mil, @us.af.mil email@example.com.
After scanning the data, we have found it to be authentic and had previously never been leaked online.
The hacker also claims to have access to 45,000 military emails. However, the leaked file only contains 2014 emails and passwords.
[must url=”https://www.hackread.com/isis-affiliated-hackers-hack-us-govt/”]ISIS Affiliated Hackers Leak Hacked Data of 1500 U.S. Military, Govt Personnel[/must]
In an exclusive conversation with the hacker, HackRead was told that the breach was conducted in support of Palestine.
Links of all targeted domains along with their zone-h mirrors as a proof of hack are available here.
Impact of this breach:
The website of Uniformed Services University is a high-profile one containing sensitive information of military officials along with internal conversations.
What makes it worse for the USU is that the login credentials were stored in plain-text passwords which can be further used for phishing scams and/or to hack the social media accounts in case the same email and passwords. The practice of using same passwords is common these days.
Another bad news for the USU is that currently the mirrors of all targeted websites are on hold on Zone-h, once accepted it will be impossible for the university to hide the leaked data from the eyes of public.
At the time of publishing this article, all targeted domains were offline.
We have contacted the USU for their version on the security breach, stay tuned.