Perhaps, one of the wildest dreams of college students is to hack their school’s database and alter their grades according to their will. Of course, it’s illegal and we don’t encourage this kind of cheating (or any form of it, for that matter). However, in the latest security breach that we uncovered, a top Philippine university got compromised and the culprit behind it is claiming that he’s able to access the school’s database containing the students’ records including their grades.
Hacker Noigel Dust aka Xscyth3 managed to compromise a subdomain of Polytechnic University of the Philippines (PUP). He initially uploaded a readme.txt yesterday to probably test his access. It’s the hackers way of ‘owning’ their compromised websites. They vandalize it with their names, affiliated hacking groups and their messages. However, web administrators of PUP may have cleaned it up this morning as the path is no longer accessible. Xscyth3 then up the path RRB.php for the same purpose.
Students have started to flock to the hacker’s post. On the other hand, PUP has yet to release a statement about the breach. Their data protection officer is expected to contact the National Privacy Commision as this obviously involves personally identifiable information. We will keep this article updated as soon as we get new information.
As for the background of the hacker, Xscyth3 is currently affiliated with PureHackers, the same hacking group who compromised Frontrow yesterday. Based on his profile in cybercrime archive Zone-H, he has long records of compromised websites under his belt including the recent ones such as that of Laguna University and Department of Agriculture’s Bureau of Plant Industry Portal. Both defacements were recorded last July 18 and 17 respectively but are still up as of this writing.
- Rise of smishing attacks vs PH banks - September 14, 2020
- More scammers target ‘Wowowin’ hopefuls in FB - June 11, 2020
- Duplicate, fake FB accounts surge in PH - June 7, 2020
And they defaced lnu.edu.ph just now