Anonymous individual threatens to leak UiTM student data if demand not met


  • TECH
  • Wednesday, 30 Jan 2019

An aerial view of the UiTM campus in Puncak Alam, Selangor. A massive data leak has compromised the details of over one million UiTM students. — UiTM Cawangan Selangor Facebook page

An anonymous individual, who claims to be the source that leaked the Universiti Teknologi MARA (UiTM) data breach to tech portal Lowyat.net, is now threatening to leak the data on several sites if the university doesn’t upgrade its security system.

Only known as AA, the person reached out to The Star via email, and demands that UiTM implements Secure Sockets Layer (SSL) and TLS (Transport Layer Security) security certificates on seven portals linked to the university.

The portals are the iSTUDENT Portal System, iLearn V3 Login, Electronic Question Paper System, Portal I-Staf, PRISMa, iRMIs and UiTM Consultancy Unit website.

The demand, pasted on Pastebin on Jan 29, says if UiTM doesn’t comply by Feb 4, the person will leak 100,000 student records a day on Facebook, Twitter, Instagram, Pastebin,  Telegram and WhatsApp.

On Jan 25 it was reported that the records of 1,164,540 students and alumni enrolled between 2000 and 2018 has been leaked.

The leaked student records include details like students’ names, MyKad numbers, house addresses, email addresses, campus codes, campus names, programme codes, course levels, student IDs and mobile numbers.

“It would take a basic idiot one day to implement this security measure across all the sites,” claimed AA.

The individual claimed that UiTM has failed to implement basic security measure for its online systems, describing its English Evaluation Test (EET) system as a “security nightmare” which could easily be bypassed by anyone with basic Javascript knowledge.

“The greatest disappointment is, of course, your failure to disclose the fact that there was in fact a data breach, and that millions of data have been leaked. You have decided to cover up the fact, when you should have announced it long before,” claimed AA.

A UiTM spokesperson said the university is looking into the demand.

UiTM vice-chancellor Emeritus Prof Datuk Dr Hassan Said has since denied that the university’s system was hacked, saying screenshots of the leaked data doesn’t match the formatting of UiTM’s internal systems.

“This shows that the information has been edited or manipulated by irresponsible parties, and proves that the information is not the gleaned from a hack of UiTM’s systems,” he said in a press statement last week.

Subscribe or renew your subscriptions to win prizes worth up to RM68,000!

Monthly Plan

RM13.90/month

Annual Plan

RM12.33/month

Billed as RM148.00/year

1 month

Free Trial

For new subscribers only


Cancel anytime. No ads. Auto-renewal. Unlimited access to the web and app. Personalised features. Members rewards.
Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Google seeks to undo Epic Games antitrust win over app store
UN slams 'stubborn digital divides' keeping 1 in 3 offline
Interpol clamps down on cybercrime and arrests over 1,000 suspects in Africa
Brazil's top court takes on regulation of social media
Forget the Instagram hard launch: Are you location-sharing official?
Trump has dinner with Mark Zuckerberg at Mar-a-Lago
Bluesky says it will comply with EU rules after being called out
Amazon develops video AI model, The Information reports
Like Bluesky, Threads is attracting millions of disillusioned X users
Intel's $7.86 billion subsidy deal restricts sale of its manufacturing unit

Others Also Read