A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents.
On Friday, University of Pennsylvania alumni and students began receiving multiple offensive emails from Penn.edu addresses claiming the university had been hacked and data stolen.
"The University of Pennsylvania is a dog**** elitist institution full of woke retards. We have terrible security practices and are completely unmeritocratic," reads the email sent to Penn alumni and students.
"We hire and admit morons because we love legacies, donors, and unqualified affirmative action admits. We love breaking federal laws like FERPA (all your data will be leaked) and Supreme Court rulings like SFFA."
BleepingComputer confirmed the emails originated from connect.upenn.edu, a Penn mailing list platform hosted on Salesforce Marketing Cloud. The university downplayed the incident, describing the messages as "fraudulent emails" that were "obviously fake."
However, the threat actor behind the attack contacted BleepingComputer, claiming the intrusion was far broader and that they had gained access to multiple university systems.
The hacker said their group "gained full access" to an employee's PennKey SSO account, allowing access to Penn's VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files.
They said they exfiltrated data for roughly 1.2 million students, alumni, and donors, including names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details such as religion, race, and sexual orientation.
The threat actors shared screenshots and data samples with BleepingComputer and posted them online to prove that they had indeed accessed these systems and stolen data from Penn.
The attackers told BleepingComputer they breached Penn's systems on October 30th and completed data downloads by October 31st, when the compromised employee account was locked and access lost.
... continue reading