{"id":2079,"date":"2012-10-04T00:00:00","date_gmt":"2012-10-04T00:00:00","guid":{"rendered":"http:\/\/otava.test\/university-of-michigan-targeted-in-data-breach\/"},"modified":"2012-10-04T00:00:00","modified_gmt":"2012-10-04T00:00:00","slug":"university-of-michigan-targeted-in-data-breach","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/","title":{"rendered":"University of Michigan Targeted in Data Breach"},"content":{"rendered":"
\"University
University of Michigan<\/figcaption><\/figure>\n

The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities – 100 of them. According to AnnArbor.com, MSU servers were accidentally hacked, as GhostShell thought they belonged to UM.<\/p>\n

Harvard, Princeton, John Hopkins, New York University and even the University of Rome and Tokyo University were on the roster of records stolen from university databases in an SQL injection by the hacker group called GhostShell.<\/p>\n

According to ZDNet.com, an information dump on Pastebin revealed 120,000 stolen records contained email addresses, passwords, IDs and student and faculty names. AnnArbor.com reports that UM servers containing information about library and maintenance programs were hacked, as well as a student government website revealing UM usernames. No sensitive information from UM, i.e., passwords, was released, as the UM Office of the Vice President for Global Communications revealed in a statement<\/a>.<\/p>\n

This case highlights yet another hacktivist group has targeted the universities to raise awareness of tuition fees, politics, teaching regulations and employment, as revealed in statement by the group. They also raise awareness to security – they claim that many of the databases had already contained malware, and that many were also storing credit cardholder data on their servers.<\/p>\n

How does an SQL injection work? SQL injections can enter a website via a form – SQL queries are typed in a form and sent as an attempt to command the database to send information to the hacker. An open port in a network firewall allows Internet traffic to access university websites, but it can also leave databases vulnerable to malicious attacks.<\/p>\n

How can you protect your organization against a similar SQL injection attack? Employing a web application firewall<\/a> (WAF) can detect and prevent these type of attacks. See the diagram below:<\/p>\n

\"Web
Web Application Firewall Diagram<\/figcaption><\/figure>\n

As a physical device sitting behind your virtual or dedicated firewall, a WAF scans incoming traffic to web servers for malicious attacks that could affect the web application server. A WAF monitors traffic and uses dynamic profiling to accept normal users and traffic while filtering out potential attacks.<\/p>\n

If the servers did contain credit cardholder data as the hacker group claims, then they should be abiding by PCI DSS, which lists a strict set of standards and technical security tools that every organization must use (if they collect, store or process credit cardholder data). And that list includes using a web application firewall (alternatives include either manual or automated code review).<\/p>\n

Hacktivism has been popularized by the group Anonymous that has hacked numerous websites and federal organizations in effort to raise awareness on the issue of Internet regulation, as demonstrated by the bill SOPA (Stop Online Piracy Act). Read more about this in Go Daddy Suffers From Significant Outage; DNS Servers Down<\/a>.<\/p>\n

Find out more about the technical security tools you can use to protect against many different types of attacks or vulnerabilities in our Technical Security<\/a> Services. No security strategy is complete without addressing Physical Security<\/a> or Administrative Security<\/a>.<\/p>\n

\n

\"PCI<\/a>Looking for more information on PCI hosting requirements, recommendations, and the foundation of a secure PCI compliant data center<\/a>?<\/span><\/p>\n

Download our PCI Compliant Hosting white paper<\/a> now for a complete guide to PCI hosting with IT vendors.<\/span><\/p>\n

Still have questions?\u00a0<\/strong>Contact us<\/a>\u00a0or\u00a0chat<\/a>\u00a0with us now. Find out more about our fully compliant, PCI\u00a0hosting solutions<\/a>, or\u00a0submit a quote request<\/a>\u00a0for your project today.<\/span><\/p>\n

\n
\n<\/div>\n

References:
\nUniversity of Michigan Servers Hacked as Part of Political Statement on Higher Education<\/a>
\nGhostShell Leaks 120,000 Records from Top 100 Universities<\/a>
\nGhostShell University Hack: By the Numbers<\/a>
\n<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities – 100 of them. According to AnnArbor.com, MSU servers were accidentally hacked, as GhostShell thought they belonged to UM. Harvard, Princeton, John Hopkins, New York University and even the University of Rome and Tokyo University were on the roster of records stolen from university databases in an SQL injection by the hacker group called GhostShell. According to ZDNet.com, an information dump on Pastebin revealed 120,000 stolen records contained email addresses, passwords, IDs and student and faculty names. AnnArbor.com reports that UM servers containing information about library and maintenance programs were hacked, as well as a student government website revealing UM usernames. No sensitive information from UM, i.e., passwords, was released, as the UM Office of the Vice President for Global Communications revealed in a statement. This case highlights yet another hacktivist group has targeted the universities to raise awareness of tuition fees, politics, teaching regulations and employment, as revealed in statement by the group. They also raise awareness to security – they claim that many of the databases had already contained malware, and that many were also storing…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2079","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nUniversity of Michigan Targeted in Data Breach | OTAVA<\/title>\n<meta name=\"description\" content=\"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"University of Michigan Targeted in Data Breach\" \/>\n<meta property=\"og:description\" content=\"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-04T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"University of Michigan Targeted in Data Breach\",\"datePublished\":\"2012-10-04T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\"},\"wordCount\":619,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\",\"url\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\",\"name\":\"University of Michigan Targeted in Data Breach | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png\",\"datePublished\":\"2012-10-04T00:00:00+00:00\",\"description\":\"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"University of Michigan Targeted in Data Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"University of Michigan Targeted in Data Breach | OTAVA","description":"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/","og_locale":"en_US","og_type":"article","og_title":"University of Michigan Targeted in Data Breach","og_description":"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.","og_url":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/","og_site_name":"OTAVA","article_published_time":"2012-10-04T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"University of Michigan Targeted in Data Breach","datePublished":"2012-10-04T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/"},"wordCount":619,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/","url":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/","name":"University of Michigan Targeted in Data Breach | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png","datePublished":"2012-10-04T00:00:00+00:00","description":"The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities - 100 of them.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/University-of-Michigan.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/university-of-michigan-targeted-in-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"University of Michigan Targeted in Data Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2079"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2079\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2079"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}