ProctorU Confirmed Data Breach
ProctorU is an invigilation software that checks for cheating in an online exam. It’s used by several universities and companies around the world for conducting online exams and uses the test taker’s system microphone, webcam, and its installed software for monitoring his behavior throughout the session. It may ask for looking at your surroundings and desk in case of any suspicious behavior. The company has recently confirmed a data breach into its systems, after being asked by a student newspaper group from Australia’s University of Sydney. In a tweet replying to Honi Soit, ProctorU said it a user on web forum has offered to share about 444,000 records of ProctorU, which contained identifiable information about its users from 2014. Further, it terminated the access and closed the concerned server immediately, and also implemented additional security layers for avoiding a recurrence of the same. This incident matches with the story published by BleepingComputer earlier, which reported that a hacker group called ShinyHunters has leaked stolen details of 18 companies (including ProctorU) in a forum for free! The Honi Soit has asked ProctorU referencing this incident, where the company has confirmed it eventually! The samples of data leaked were analyzed by BleepingComputer, and found the details like full names, email addresses, addresses, hashed passwords, phone numbers, their affiliated organization, and other information available. Users belonging to UCLA, North Virginia Community College, Harvard, Yale, University of Texas, Princeton, UC Davis, Syracuse University, Columbia, and many more are impacted by this. There are even emails of members in the US military found in the database! And the data was from 2012 to 2017 as the latest.