(NWH), one of the hacking crews participating in the Anonymous #OpAfrica campaign, leaked over the weekend details obtained after hacking and then defacing the website of the University of Limpopo from the town of Polokwane, South Africa.
The group seems to have carried out the attack last Friday, May 13 when the University’s website was defaced with a message that promoted the principles behind, and another, not-so-friendly message for the University’s admin.
At the time of writing, the defacement message was removed, but the University’s website is inaccessible.
New World Hackers: This isn’t the last data dump for #OpAfrica
Softpedia contacted the NWH crew who revealed the hack has been carried out by their member SinfulHazeCE. The group also wanted to get the following statement out.
“A university has experts who should know how to secure a website,” an NWH representative told Softpedia. “They should know not to code their website with vulnerabilities all over the place.”
The group also told Softpedia that other data dumps are in the works, also part of #OpAfrica, which they’ll reveal in the coming weeks.
A look at the leaked data
NWH organized the data in four different links. The first URL pointed to a file repository on Mega.nz, where the group stored files stolen from the University’s intranet.
Two directories are included. The first is named “Exam Papers”, includes 1,978 PDF files totaling almost 1.08 GB and containing exam tests.
The second folder is called “intranet pdf’s”, contains only 21 files totaling 35 MB and is mainly made up of promotional materials and various PowerPoint presentations. None of them seem to contain any sensitive information.
The second link pointed to a paste file where the hackers claim to have leaked details on 18,545 current students. Data includes details such as first and last name, date of birth, faculty, department, academic year, campus code, qualification, and student number.
The third link pointed to another paste containing the details of 16,383 university alumni. The data in this link included details such as first and last name, gender, date of birth, faculty, department, academic year, qualification, and student number.
The fourth link was another paste which contained what looked to be the fixed and mobile phone numbers from various internal faculty departments. We found 1,700 entries on this list, and some of this information is public available.
Further, the group also leaked what looks to be the University’s admin username, email, and password (hashed and in cleartext).