A hacker has attempted to sell hacked elite college admissions files to teenaged hopefuls waiting to find out if they have made it into their colleges of choice, Consumer Affairs reports.
The hacker originally offered to sell files for 1 Bitcoin ($3800 USD) in a post mounted at Reddit, but later reduced the price to a fraction of a bitcoin worth, or about $60 USD.
“Entire admissions files,” containing, “comments by admissions officers, assigned ratings, interview report (if present), teacher recommendations, tentative decision (if applying for regular),” were allegedly obtained in a hack on third party admissions platform called Slate, where colleges lodge and manage information on applicants.
Records from at least three “prestigious” colleges- Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York- were reportedly compromised in the hacks.
The CEO of Technolutions, operators of the Slate platform, reportedly told the Wall Street Journal, “We have advised all of our colleges and universities to review the security practices of their single sign-on and password reset systems.”
The hack may have been made possible thanks to a bug in Google Chrome.
After the Slate hack was disclosed, engineers at Google’s Threat Analysis Group tweeted that all Google Chrome users should immediately update their Chrome browser software because the hack on Slate was allegedly executed via exploitation of Google chrome code error:
According to Consumer Affairs, “researchers found a flaw that may allow hackers to remotely access and ‘hijack’ computers through the desktop version of the chrome app,” meaning earlier versions of the app were somehow leaking users’ private data (ie. passwords) to hackers.
The Chrome bug has now been fixed, but was reportedly detected by a third party and not by Google, and it is hard to say how much private data has already been- suggesting an unknown number of passwords may have already been compromised.
Chrome users are advised to update.
Hacks on public infrastructure are becoming increasingly common, and may only increase as institutions and businesses increase their Internet presence and connectivity.
The Internet has been dubbed a “sea of bad code,” meaning the security of any information that touches it may be seriously in question despite the strong efforts of various software and service providers.