Re: EDUCAUSE Breach discussed in online hacking zine

[Chris Argeros <ChrisA () HOUSING UFL EDU>]

I'm noticing that not only are passwords attached to this article, but also it appears they dumped the credit payment 
database. How well was this information encrypted and I assume the affected parties have already been contacted?

Thanks,
Chris



Chris Argeros | Assistant - Network Security Administration
University of Florida Department of Housing and Residence Education
PO Box 112100 | Gainesville, FL 32611-2100
office 352.392.2465 | fax 352.392.6819 | ChrisA () housing ufl edu
Please consider the environment before printing this email.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin 
C. Klein Keane
Sent: Tuesday, May 07, 2013 3:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] EDUCAUSE Breach discussed in online hacking zine

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  the 'zine contained dumps and bragging by the responsible parties, as well as actual articles.  The publication was 
also broadcast via the Full Disclosure mailing list (http://seclists.org/fulldisclosure/2013/May/25).  The zine can be 
found at http://straylig.ht/zines/HTP5/ in case anyone would like to review the data disclosed.

Justin C. Klein Keane, MA MCIT
Security Engineer
University of Pennsylvania, School of Arts & Sciences

The digital signature on this message can be verified using the key at 
https://sites.sas.upenn.edu/kleinkeane/pages/pgp-key

On 05/07/2013 01:29 PM, Matthew Milliron wrote:
> Hello all,
>
>
> It came to our attention yesterday that an online hacking zine posted
> an article about both the MIT hacking event and the EDUCAUSE breach
> that occurred earlier this year. The information was then shared via
> Twitter. As we disclosed in our February announcement, the hackers did
> access EDUCAUSE data in the earlier incident. This recently discovered
> article includes a dump of EDUCAUSE data. The data set includes
> information about the .edu domains, such as pre-breach account
> passwords. Those passwords were deactivated at the time of the breach.
> The domain contact information has always been publicly available via
> the .edu Whois directory.
>
> There has not been another breach nor is any of the data different
> than what we had known in February. If you have any questions, please
> contact me at mmilliron () educause edu<mailto:mmilliron () educause edu>.
>
>
> Best,
>
> Matthew
>
>
> Matthew Milliron, Ed.D. Chief Information Officer
>
> EDUCAUSE<http://www.educause.edu/> Uncommon Thinking for the Common
> Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct:
> 303.939.0305 | main: 303.449.4430 | fax: 303.440.0461 |
> educause.edu<http://www.educause.edu/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRiU+HAAoJEIH7slQlJAgKseoQAII0dSC/K8YzYdxvmbQ/2rSW
BvbesRWZ4KmRgmkHvPlZbnIZIKszs8Ac+dFD4Pqdi8dPvSnHodCBJikx20yMumx6
5TEq1HRCh3PhC28c7a6EKym70cN2McnVwoUJsE1lUWBRfqkzOTkn+Dy+rgbltgP1
TYz6jIrMiIdEQAw5oTy9GdMpGq6q82Gr3ivJrYIL5lPt6Z2iqr/PfgIxU8DNArmT
VxMKM++ixSOqM63VchvsDCqWk4TfNmrMSF5HoJO/gaGu2FFiEZvoyVUrZKO3nY/7
BJaNVVE38XkG70XJz5utjAddG41uPd+RhlBrl8mzy2LRDabADQSNtkHlLyKREYQe
WA06GhA+dH4J9ABLEIzMZUnEWJqr1qtBHHNyX0wzeqH+pcImC4vwPxRPkZgaIfzf
DCVj/34sd1W5vuAPPaFEAP/e0i5g6f4s0JZspTqXUGOFVQXelK761RYz5718aVuQ
mX0U2pio/DLkKPwRpoA4kOqtkgJGUZl2lHvpqR2bnIQS6TaMZJowZi/HCH9m9cgp
5yikVPpdFBlPQWieOltmylBknPULf7HHjzlccV/YNBD/ZQgIUsLjScsOmPORKcAl
o3187l6tc/er4gc4rywwOSpqhHnpr6OS68jdGrJ9HLG7rq2W4w+zHJ00x+cG8P8K
XB/fPWOThT83f2q3Xyzg
=D19x
-----END PGP SIGNATURE-----