Harvard GSAS Site Hacked

[JordanJames]

Harvard Web site hacked, database on file-sharing site

by Jeremy Kirk

Feb 18, 2008 10:01 am

One of Harvard University's Web sites appeared on Monday to have been hacked, with its contents appearing on the BitTorrent file-sharing network.

A compressed 125 M-byte file claiming to be the database for the Web site of Harvard's Graduate School of Arts and Sciences is available via the BitTorrent P-to-P (peer to peer) network. The file is listed on The Pirate Bay, a Web site that indexes torrents, or small information files that coordinate the download of content from other users on BitTorrent.

The Web site for the Graduate School of Arts and Sciences was offline on Monday.

A note attached to the torrent claimed the file contained a backup of the site -- including some contacts files and other files associated with Joomla, an open-source content management system -- along with other various bits. It appears to be legitimate.

The note's writer claims the stunt is intended to demonstrate the insecurity of Harvard's server. The writer also exposed what purport to be usernames and passwords belonging to two of the site's system administrators.

"Stupid people, you don't use a secure password," read a note preceding the sensitive information.

As of Monday afternoon, the compromised file was being distributed by 11 users -- known in file-sharing terminology as "seeders" -- and was being downloaded by nine "leechers," or those downloading the files.

Harvard's media office was closed on Monday due to a national U.S. holiday.

http://www.macworld.com/article/132143/ ... rvard.html

[snowcapk]

Anyone know whether our personal information has been leaked?

Should have paid by check...should have paid by check... :shock:

[bgk]

Thanks Ammar!

Interesting story!

[nike of samothrace]

What's really disturbing is that a quick Google search turns up the hacked file only about 3 results from the top.

And the Boston Globe hasn't said a word - I hope they're working on a story. I want to know what Harvard has to say for themselves!

[amanda1655]

What kind of information is on there? I checked my credit card account, and no new charges but I am worried about my other information. I am half-tempted to download the file to check to see how much information about me, if any, is on there. Now I wish I hadn't applied to Harvard.... I probably won't go there even if accepted and now my information has possibly been hacked.

[rising_star]

Well, that makes me glad I didn't apply to Harvard!

[JordanJames]

I don't think they gained access to applicant information because the admissions application goes through the Embark website. I really hope I'm right.

[jaw17]

Does anyone know whether this will have any effect on the admissions process (e.g. slowing down their ability to process and send letters)? I'm not so much worried about the security leak as the delays that could be incurred if they're taking servers offline.

Selfish, I know...

[supertaco]

I just now got an email from Harvard grad admissions. They said that "no confidential or personally identifiable data was compromised" and that the only compromised data included the "Graduate School's website files" which did NOT contain information about its students or applicants.

[eve2008]

Hmmm...how come I didn't get an email?

[nike of samothrace]

neither did I! That's pretty nervewracking...