ProctorU, a proctoring platform for online exams, has disclosed that it was the victim of a major data breach. ProctorU allows teachers to ensure that students don’t cheat when they take part in online exams.
The firm was one of 18 organizations who have had databases containing 386 million records stolen by hackers since January. In late July, all the databases were offered for free in online hacker forums.
- The best antivirus software to keep you and your devices safe
- Best VPN: add an extra layer of security with a virtual private network
- Just In: OnePlus Nord already has a big display problem
A wider breach
The ProctorU database apparently contains the details of 444,000 people, including names, home addresses, emails, cell phone numbers, hashed passwords and organization details, according to Bleeping Computer, which had a look at the stolen information. Presumably, the majority of records pertained to current or recent college students.
Last week, ProctorU confirmed that there had been a data breach in a tweeted response to the University of Sydney's student newspaper.
ProctorU has confirmed that on July 27, 2020, a user on a web forum offered to share data files containing approximately 444,000 records. These records were from 2014, and did not contain any financial information. ProctorU has disabled the server, terminated access to the...August 6, 2020
A subsequent ProctorU blog post repeated the tweeted information, asserting that "the records were from 2014, and did not contain any financial information."
However, Bleeping Computer said the database contained email addresses associated with educational establishments including UCLA, Harvard, Princeton, Yale, North Virginia Community College, University of Texas, Columbia, UC Davis and Syracuse University, among others. There were also email addresses associated with the U.S. military.
Several years worth of data
BleepingComputer claims to have come across the details of people who signed up for ProctorU in 2012, 2013, 2014, 2015 and 2017.
ProctorU's blog post said that "ProctorU has disabled the server, terminated access to the environment and is investigating this incident.”
It added, “ProctorU has implemented additional security measures to prevent any recurrence. We have begun notifying affected universities and organizations and will continue to do so.”
To minimize the damage from a data breach, you should set strong passwords, never reuse passwords for different websites, enable two-factor authentication wherever possible and use one of the best password managers.
“Although the majority of the exposed data seems to be old, there is always a risk much of this data is still valid to day and of interest to cybercriminals," Jake Moore, a security specialist at ESET, told Tom's Guide.
"Some of the passwords used years ago for some of these accounts may still be used today for other linked accounts," Moore added. "It is vital that those affected check their accounts and make sure all their passwords are unique and long. Breached data, however old, has a value to a hacker especially when financial data and password data has been stolen.”
- More: Stay anonymous without the spend with a cheap VPN
