TechRadar
Sead Fadilpašić

Hackers outsmart Oxford Uni career progression platform – student data potentially compromised

  • Oxford’s CareerConnect platform breached via GTI vulnerability
  • Names, emails, and some encrypted passwords exposed
  • Alumni and employers forced to reset passwords; phishing risk expected

Hackers recently broke into a careers platform used by Oxford University and stole users’ contact information.

The platform, called CareerConnect, is a central hub where students, graduates, employers, and career advisers can find things like job listings and employer profiles. It is developed by a company called GTI, on a technology called targetconnect.

A press release published last week on the Oxford University Careers Service website said that, in the last days of May, an unauthorized third party used a security vulnerability to access users’ first names, last names, and email addresses. For users who do not sign in using the Single Sign-On (SSO) feature, encrypted passwords were stolen as well.

Passwords invalidated

“Students use their SSO to sign in to CareerConnect which means their passwords are not affected,” the announcement reads. “Only names and e-mail addresses would have been acquired in the breach.”

GTI said that alumni, research staff, and employers were using CareerConnect with a locally set password, and since these were most likely compromised, GTI invalidated them. These users will be asked to set a new password on their next login.

“There is no evidence that course information, uploaded files, appointment information, or financial information were involved in this incident,” the announcement further reads. “GTI has stated this breach appeared to be focused on gathering credentials which may lead to phishing attempts.”

The breach happened in the third-party system, Oxford said, stressing that there is no evidence of compromise to University systems. Students’ passwords, as well as financial information, are most likely not affected.

Neither the identity of the attackers nor the number of victims has been disclosed. We don’t know if the crooks attempted to extort the university. GTI has since confirmed that the bug was fixed, and that “additional security measures” have been introduced to prevent similar occurrences in the future.

Via The Register
