- A hacker breached a UC Berkeley college website, stealing personal data of students and staff and selling it on the dark web for $800.
- The attack exploited months of “persistent external attacks” on the server, forcing two college websites offline for over two weeks.
- Campus officials claim no highly sensitive data was compromised and state they will follow all legal notification requirements.
A UC Berkeley college website was hacked. The stolen data has been sold online for just $800. The breach leaked personal information of students and staff. Campus officials are still investigating the full scope.
The $800 Dark Web Sale
A few weeks before classes started, someone using the handle “ByteToBreach” posted on a dark web forum advertising a “university database.” The listing claimed it included names, usernames, hashed passwords, and payment info for both students and staff.
The hacker even messaged The Daily Californian, confirming they’d sold the entire database to an anonymous buyer for $800. The data came from the backend servers of the Rausser College of Natural Resources, and the Energy & Resources Group got caught up in the mess, too.
Campus spokesperson Janet Gilmore said the IT team first found out about the breach on July 31—the same day the dark web post popped up. She said the attack relied on relentless external pressure over several months.
Website Shutdown and Investigation
The fallout was immediate. The CNR website went dark for 13 days, and the ERG site stayed down for 17. Gilmore says the university has locked the hackers out and both sites are running again, this time with better security.
Investigators managed to grab a sample of what the hacker stole. It included names, phone numbers, home addresses, emails—plus some password information. Gilmore explained that only admin and content contributor account passwords got compromised—they disabled those accounts as soon as they found out.
The university called in an outside expert to figure out what really happened. Right now, there’s no sign of identity theft, but they’re still looking into it.
Hacker’s Motives and Methods
ByteToBreach didn’t mince words about the school’s security, calling it “below average.” The hacker disclosed that they originally attempted to extort money from the university, but didn’t get a response. Gilmore, for her part, stated that the university did not receive a ransom demand, and they found out about the hack when the stolen information was released onto the internet.
As for how they got in, ByteToBreach said they exploited a vulnerability in the server’s phpMyAdmin system—a pretty standard tool for managing site databases. When asked why they attacked a university, the hacker dismissed the question and said dark web buyers choose more attractive targets such as banks or hospitals.
Broader Implications and What’s Next
This breach isn’t unique. Hackers love to take advantage of known holes in widely used software, and once they’re in, personal data quickly turns into cheap merchandise online.
Gilmore says the university will follow all federal notification laws, including FERPA (Family Educational Rights and Privacy Act). ByteToBreach, though, sounded pretty jaded about the whole thing, claiming that “all hacked companies minimize the impacts of security incidents.”
For now, the UC Berkeley community is still waiting to hear exactly what was taken. The university has promised to alert anyone affected, as required by law. The whole episode is just another reminder that big institutions are always in hackers’ sights.