A Pakistani penetration tester discovered that personal information about students is being shared online in hacker forums.
Apparently, the data consists of names, general addresses, and phone numbers of hundreds of thousands of Kenyan students.
Kenyan Students' Data Hacked and Put Online
This issue dates back three years, when the tester found the vulnerability in many university websites. According to him, the data from Mount Kenya University (MKU) includes records of 211,373 students, both past and current.
He says that with the universities, for example ABU Zaria, a Nigeria-based university, all he needs to do is type portal.abu.edu.ng into his browser along with a few other characters, and he easily sees the bugs.
He says he reported this to the universities a long time ago, but only a few responded. Neither Mount Kenya University nor ABU Zaria did anything about it.
Three years down the line, he performed another test in hopes of some changes but, to his dismay, nothing had changed.
Unfortunately, the flaws in the Mount Kenya University and ABU websites still haven't been patched.
For Mount Kenya University, 211,373 students are affected. According to the tester, hackers have already shared some of the data in various online hacker forums.
Here is an image of a CSV file in a hacker forum in mid-May. It contains 1,525,787 lines of data consisting of names, addresses, and phone numbers of Kenyan students.
This means that other institutions may also have been affected, and not just MKU's database.