Personal data of over 33,000 Kannur varsity students in hackers’ forum
Kochi-based Technisanct found details while scanning dark web; five databases leaked
KOCHI: In a major data leak, details of over 33,000 students of Kannur University were found on a dark web portal. Kochi-based private cyber security firm Technisanct, while scanning dark web activities, found it available since November 18.
It was a hacker by the name- ‘3Subs’ who leaked five databases from 2018 to 2022 containing 33,040 records of Kannur University. The leaked data includes name, application number, email, password, Aadhar number, phone number, admission details and pass year. There are 321 records from 2018, 7,060 from 2019, 9,127 from 2020, 8648 from 2021 and 7,874 records from 2022 on the portal.
Nandakishore Harikumar, founder and CEO of Technisanct, said they have verified the leaked data and found that they are authentic. “We suspect that the leak happened from the university’s candidate portal. We found that the application numbers and information of students are authentic. This might have happened due to the vulnerability of Kannur University’s website. Most likely the hackers have accessed the database of the website,” he said.
The data appeared in one of the hackers’ forums on the dark web. There are credits available at the hackers’ forums using which the leaked data can be accessed. These data can also be misused for cyber crimes like phishing, identity theft, hacking and financial fraud. “It would only cost four to five cents. The data can be downloaded using the credits,” Nandkishore said.
A spokesperson of Kannur University said that no hacking has come to their notice yet. “We have no information about any data leak or hack. We also did not receive any complaints in this regard from students and others. However, we will check whether any such data leak has taken place,” he said.
Last year, Technisanct detected a leak of data containing the personal information of 4.5 million people from the public distribution system of Tamil Nadu. Technisanct regularly reports to Computer Emergency Response Team (CERT) India when such hacks and leaks come to its notice. “We have written to CERT about the new data leak on Sunday. It is up to the university to identify the vulnerabilities on its website and rectify it to prevent such leaks in future,” he said.