Cryptolulz666 gained access to user data, including emails, passwords, phone numbers, and security questions, by breaking into the Indian Institute of Technology Kharagpur's database.
The hacker claimed to have access to over 12,000 users' data, but he only disclosed a small percentage of it on Pastebin as evidence of the attack.
The hacker draws attention to the companies' lax security once more. His goal is to make the authorities aware of this.
Although there were around 12555 users in the database, the hacker only disclosed less than 25% of it because the organisation could face legal action for this information disclosure.
Source: https://securityaffairs.com/54526/data-breach/indian-institute-of-technology-kharagpur-hacked.html
TPRM report: https://scoringcyber.rankiteo.com/company/indian-institute-of-technology-kharagpur
"id": "ind253131123",
"linkid": "indian-institute-of-technology-kharagpur",
"type": "Breach",
"date": "12/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 12555,
'industry': 'Education',
'location': 'Kharagpur, India',
'name': 'Indian Institute of Technology Kharagpur',
'type': 'Educational Institution'}],
'attack_vector': 'Database Intrusion',
'data_breach': {'number_of_records_exposed': 12555,
'personally_identifiable_information': True,
'type_of_data_compromised': ['emails',
'passwords',
'phone numbers',
'security questions']},
'description': 'Cryptolulz666 gained access to user data, including emails, '
'passwords, phone numbers, and security questions, by breaking '
"into the Indian Institute of Technology Kharagpur's database. "
"The hacker claimed to have access to over 12,000 users' data, "
'but he only disclosed a small percentage of it on Pastebin as '
'evidence of the attack. The hacker draws attention to the '
"companies' lax security once more. His goal is to make the "
'authorities aware of this. Although there were around 12555 '
'users in the database, the hacker only disclosed less than '
'25% of it because the organisation could face legal action '
'for this information disclosure.',
'impact': {'data_compromised': ['emails',
'passwords',
'phone numbers',
'security questions']},
'motivation': 'Drawing attention to lax security and making authorities aware',
'threat_actor': 'Cryptolulz666',
'title': 'Data Breach at Indian Institute of Technology Kharagpur',
'type': 'Data Breach'}