Rankiteo Blog

University of Kashmir, Srinagar

Jeremy C -

A data breach at the University of Kashmir has potentially exposed the personal information of over 1 million current and former students of the varsity and employees.

It made their personal data available on the dark web.

The alleged database of Kashmir University students has been put on sale for just $250 on a hacking forum by a username “ViktorLustig”.

The threat designer had shared a database index on the illegal forum to show the legitimacy of the data he has in his possession.

As a result of the attack, some files stored in the program of the University were illegally accessed.

It potentially exposed data including personally identifiable information for current, former students and employees that included names, registration numbers, addresses, dates of birth, phone numbers, employee data, password, email addresses and more.

The threat has been deleted from the hacking forum but the profile of the threat actor “VictorLustig” is still active on the forum.

It is pertinent to mention that the deleted post is still available in the Google search index, creating a serious threat to the privacy of Kashmir University students and employees.

The breached data includes a database of Kashmir University’s UG 3rd year with 3,47,421 entries including admit card details and other details ranging from year 2015 till 2021.

The second database includes details of UG 2nd year that has 2,72,070 entries including a variety of data from admission year 2015 till 2021.

Third database is based on “Iqbal Conference” which has 196 entries including registration fees and many other details.

Another category titled, “MASTER” has 2509 entries.

A database titled “eSolBCABBA” has 57,772 entries including details of membership, payment applications, department contacts, entrance roll numbers, payment form details and many more.

A database titled, “Users” has 38,049 entries.

The threat actor also created a “eSolDataBaseKupwara” that has 57,300 entries with alleged payment details and more.

Database titled, “MPharma” has 1,71,139 and “eSolDatabaseDistance2019” has 1,08,229 entries allegedly including roll numbers and payment details.

A database with “eSolDataBase2018” title has 3,87,445 entries and “eSolDataBase” has 3,47,968 entries. A database with tagline “eSolMCME” has 1,69,846 entries.

Source: https://kashmirobserver.net/2022/08/10/kashmir-university-hacking-data-of-1-million-students-found-on-dark-web/

"id": "UNI150171022",
"linkid": "kashmiruniversity",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"