The Princeton "University Database" that was hacked is a privately maintained Alumni Association site from the UK. It is not on the Princeton domain or associated with the University at all.
Here's an excerpt:
"Come out and suppoert Chickenshed, an inclusive theatre company based in London that brings people of all ages, backgrounds and abilities together to create groundbreaking and exciting new theatre."
Time will tell how the world will change now that this sensitive information is out in the open.
Yawn, more script kiddie antics against arbitrary targets masquerading as political activism. Maybe I'm missing something, but I don't see how this "raises awareness" about anything except TeamGhostShell's ability to do mass SQL injection.
It raises awareness not because of the technical difficult of the feat, but rather the complete opposite.
Script kiddies are incredibly important to security. I don't want to push a slippery slope argument, but the term script kiddies implies someone with no special talents (merely the right commonly available tools). SQL injections are not technically difficult.
See the problem? If private information is being leaked, if servers are being breached, and it takes no special skills, and if these servers have been hacked for months, there's obviously a fundamental breakdown in the security chain of the organization. Security is not difficult, security is not something new, security is not something you can do without. In too many cases, it takes being hacked and dumped before an organization finally realizes the dangers they've created.
If you're yawning and cracking derisively at this, I have a feeling you might be someone who needs to read this kind of news story. It's better to have the wake-up call on your news reader than on your desk with your boss standing over you.
Looks like they went for the low hanging fruit. At my university, I only see wordpress and other massively popular PHP tools. Script kiddies are at it again.
Though, there was one database (at my school) with the passwords in plaintext. Why do people use plain text for passwords. Why.
If it's anything like ours, they don't like to touch systems that 'work'... They don't have the resources to audit, update, and re-train everyone to use the current version.
Then there are the students hired to build internal tools who wouldn't know SHA1 from Bcrypt/Scrypt...
So, you took publicly available info and dumped it out to as SQL select statements. What's the point exactly? There are a couple of admin users/passes scattered in, but it would appear just gives access to said user updating said public content like vacancies, course descriptions, etc.
Here's an excerpt: "Come out and suppoert Chickenshed, an inclusive theatre company based in London that brings people of all ages, backgrounds and abilities together to create groundbreaking and exciting new theatre."
Time will tell how the world will change now that this sensitive information is out in the open.