//Blogs - 06 August 2020

AusCERT mailout: ProctorU breach

An apparent data breach of the ProctorU service, with the data apparently published by a user named ShinyHunters, has been making news in the last week, including an article yesterday in the Sydney Morning Herald. AusCERT has acquired a copy of the data and notified affected members.

ProctorU gave us the following comment:

On Monday July 27, 2020, we were made aware that some information purporting to come from ProctorU.com was posted to an internet message board. Although we are still investigating, none of the data analyzed so far from that posted data was from our active production servers and all of it was at least five years old. Therefore, we currently have no reason to believe that our active production servers or data of current clients and students from the last five years was implicated. We are continuing to investigate and will update you should that understanding change or with any additional information pertinent to you.

How bad is it?

You will need to assess it in the context of your own organisation.

It appears that none of the data is newer than 2016. It includes personal information of ProctorU users, as well as institutional email addresses and password digests. We're not sure of the severity of the password digests - digests can be very easy or very difficult to crack depending on what they incorporate. There are reports that they are bcrypt hashes.

 

Was my organisation affected?

It mainly affects educational institutions that used ProctorU prior to approximately Q3 of 2016.

We've notified affected members through their normal incident email alias. An administrator for your organisation can check in the member portal what that's set to; if it's current, and you haven't heard from us, then you're clear.

Not all our educational members are affected.

 

I've received a file and don't know how to decrypt it

Please log in to the member portal and consult this page for the passphrase.

You'll need a program like Kleopatra for Windows or GPG for Linux/Mac.

If using the command line, enter this and type the passphrase when prompted:

gpg --output your-domain.tsv --decrypt your-domain.tsv.gpg

 

I'm encountering a GPG error when decrypting the file

GPG has some quirks. Please check the directory containing the encrypted file to see whether the decrypted file was created despite the error message.

If it's not there, please double-check the passphrase, and if that doesn't work, reach out to us at auscert@auscert.org.au and we'll assist.

 

How do I view a TSV file?

We suggest opening it in Excel or another spreadsheet program, choosing "My file is delimited", ensuring that it uses "Tab" as the delimiter, and ensuring that columns are of type "general". Excel will default to all of these.

You're also welcome to use a command-line utility to split on tab characters.
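
As an added example (not AusCERT's own tooling), the Python sketch below splits a decrypted file on tabs and tallies what storage scheme each password digest appears to use, which is the question "How bad is it?" turns on. The column name password_digest and the sample rows are assumptions constructed for illustration; check the header row of your own file.

```python
import csv
import io
import re
from collections import Counter

# bcrypt modular-crypt format: $2$/$2a$/$2b$/$2x$/$2y$, two-digit cost,
# then 53 characters of salt and hash.
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Bare hex strings: length only hints at the algorithm, so labels say "sized".
HEX_LENGTHS = {32: "hex-128bit (MD5-sized)", 40: "hex-160bit (SHA-1-sized)",
               64: "hex-256bit (SHA-256-sized)"}


def classify_digest(value):
    """Return a label for the storage scheme a digest string appears to use."""
    value = value.strip()
    if not value:
        return "empty"
    m = BCRYPT_RE.match(value)
    if m:
        # A higher cost factor means more work per password guess.
        return f"bcrypt cost={int(m.group(1))}"
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HEX_LENGTHS:
        return HEX_LENGTHS[len(value)]
    return "unrecognised"


def summarise(tsv_text, digest_column):
    """Count digest schemes in a tab-delimited export that has a header row."""
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    if digest_column not in (reader.fieldnames or []):
        raise KeyError(f"column {digest_column!r} not in {reader.fieldnames}")
    # Short rows yield None for missing cells; treat those as empty.
    return Counter(classify_digest(row[digest_column] or "") for row in reader)


# Constructed sample rows; the column names are assumptions, not the real layout.
SAMPLE = (
    "email\tpassword_digest\n"
    "a@example.edu\t$2a$10$" + "A" * 53 + "\n"
    "b@example.edu\t" + "0" * 32 + "\n"
    "c@example.edu\t\n"
)

if __name__ == "__main__":
    for scheme, count in summarise(SAMPLE, "password_digest").most_common():
        print(f"{count}\t{scheme}")
```

A file dominated by bcrypt entries is a slower target for offline guessing than one of bare hex digests, but in either case affected users who reused the password elsewhere should change it.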