-
A cybercriminal has posted the personal information of 46,160 Andhra University students and employees on a dark web forum.
-
Cybersecurity experts have investigated this breach to be linked with the Edusphere Platform, a digital services partner with an expired SSL certificate.
-
Cybersecurity experts also believe that the compromised academic records offer an excellent means for conducting phishing, financial fraud and identity theft.
A cybercriminal posted the personal information of over 46,000 Andhra University students and staff on a dark web forum this week.
The threat actor claimed the database contains comprehensive records from the Indian institution. The dump includes everything from full names and contact details to digital signatures and photographs.
Hackers Strike a Month Before Public Release
The threat actor published the alleged database on Tuesday. However, early forensic analysis shows hackers compromised the system roughly a month earlier. That gap between the actual breach and the public dump creates a dangerous window.
Bad actors had weeks to exploit this information before anyone knew it existed. Criminals may have already begun using the stolen information for specific attacks against students and staff members during the silence that took place.
The exposed file contained not only full names, birthdays, phone numbers, emails, and enrolment numbers but also program name, father’s names, residential addresses, batch details, and academic validity period.
The database also contained direct links to both student photographs and digital signatures. While the data may appear to be random when viewed from an individual’s standpoint, they actually fit together like pieces of a puzzle.
Cybercriminals have everything they need to completely take on the identity of someone else by having these individual pieces in their possession. Biometric data such as photographs and digital signatures make this breach even more serious, as criminals can take these particular pieces and execute identity theft or impersonation attacks with incredible ease.
Security Failure Points to University Partner
Cybersecurity investigators pointed their analysis toward Edusphere Platform, a technology partner providing digital services to Andhra University. Security researchers flagged the company’s website, edusphere.in, as the probable entry point. For quite a long time now, the platform has been operating with an expired SSL certificate.
When an SSL certificate expires it does not throw away the encryption that secures all communication between its website and its users. Without encryption, an attacker can more easily intercept communications that are not secure, gain access to unsecured data pipes and create breaches into multiple systems due to the lack of protection lapse. Security professionals have said that an expired certificate is like leaving your digital front door wide open.
Andhra University has not put out a full disclosure about the extent of the breach, while Edusphere Platform has also not yet publicly disclosed any concrete actions that they are taking to help mitigate the extent of the damage or prevent future incidents.
Students Face Immediate Threat
Cybersecurity analysts warned that information on academic credentials, biometric data, and contact information has been exposed and is being used by criminals on criminal forums.
This pattern of educational data being weaponized on the dark web is not limited to India; just recently, hackers claimed to have put 58 million Indonesian students’ data up for sale, demonstrating that institutions across Asia are being systematically targeted and their students’ identities commodified on a massive scale.
Hackers now have access to all the tools they need to carry out sophisticated phishing attacks, perpetrate financial fraud, create clones of identities, and impersonate either students or employees in targeted cyber attacks.
Analysts say, ‘By exposing personal and/or academic information, criminals can apply it to commit a phishing scheme, use that as an excuse for identity theft, or use this information to trick another student or employee into supplying sensitive information.’
In addition, these analysts recommended that anyone impacted by this breach should take immediate steps to protect themselves.
Analysts said organizations must treat SSL certificate renewals and updates as core security requirements and that universities should handle these requests with the highest urgency.
This incident exposes a troubling trend we see in modern education globally. Educational institutions maintain vast databases of sensitive personal data about their students and other associated users, but a large number of these institutions store this data and operate under outdated security frameworks that expose critical information stored in this manner.
The breach at Andhra University is reflective of the many similar attacks that have occurred against academic institutions that do not have a robust security framework in place to protect sensitive information.
“The importance of performing regular security audits, complying with the data protection regulations that are in effect, and investing in modern digital infrastructure is now an absolute necessity for all institutions that store hundreds or thousands of student records,” emphasized those experienced in cybersecurity.
The most serious consequence of any institution’s failure to protect data is the harm it causes to individuals whose information is compromised.
