About 100 students were affected by the incident
Network security and ethical hacking specialists from the International Institute of Cyber Security report a vulnerability in one of Stanford University online systems that allows students to visualize their records gave one of the students the ability To see the grades of other students’ high school education.
The leaking key, apparently, was to request in advance access to the university’s admission documents under the Family Education Rights and Privacy Act (FERPA).
According to network security specialists, a large variety of data was filtered due to vulnerability. Among the compromised information can be found:
- Students’ Social Security numbers
- Ethnic origin
- Criminal records
- Standardized test scores
- Scholarship applications
While the research was carried out, a student was able to access information about 81 of his classmates, and other investigators found information pertaining to another dozen students. The compromised information was filtered through a URL; Stanford University states that each of the 93 students affected during the incident will be notified directly.
The compromised system, called NolijWeb, was recently updated, commented the network security specialists. Student researchers and the Stanford University Gazette complied with the protocols established by the cybersecurity community to report vulnerability and data breach.
Since the incident was detected, the IT team at Stanford University disabled the NilikWeb system, which allowed access to the records of other students. In addition, the educational institution suspended online access to FERPA’s documents, at least until the investigation of the incident ends.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.