Hacktivist Group GhostShell Claims it Hacked Over 300 Websites

In a series of tweets detailing their latest exploits, Team GhostShell, a hacker group, has claimed to have successfully hacked over 300 websites around the world, with the personal data of over 13,000 users dumped online, as revealed by Symantec in a blog post.

The hacking spree

Claiming to have hacked hundreds of websites within the past 48 hours, Team GhostShell posted multiple links showing a number of educational portals, Korean and Japanese websites, travel portals and more as victims of their hacking spree.

With no apparent pattern to the attacks, Team GhostShell claims it hopes to raise awareness of the vulnerabilities and shoddy cybersecurity of most websites, according to the group.

Educational institutions targeted in the attack include:

  • The University of Southern California (USC)
  • Princeton University
  • The University of Maryland
  • UCLA Electrical Engineering Department
  • University of Michigan and plenty more.

Those around the world weren’t spared either, with the University of Delhi in India also a victim of the spree. So too were institutions in Australia, Egypt and China, along with many other .edu domain websites.

According to preliminary reports examining the dumped files obtained from the extensive data breach, the exposed personal data includes:

  • Names
  • Email addresses
  • Skype IDs
  • Phone numbers
  • Physical addresses

“Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher,” said Symantec security researchers.

They also added that while some passwords were encrypted and hashed, most were still stored in plain text. The data dumps also revealed plenty of examples of the notoriously weak password 123456.

A history of notoriety

Team GhostShell were last active in 2012 before going on hiatus and resurfacing in the present day. At the time, they had:

  • Leaked hundreds of thousands of records from top Ivy League schools and global universities.
  • Taken on organizations such as NASA, the Pentagon and other political groups.
  • Dumped and made publicly available 1.6 million accounts and records from various departments including the Federal Reserve, the FBI, NASA and the Pentagon in December of 2012.

The data dumps from 2012 revealed the use of SQLmap, a popular SQL injection tool used by hackers, which was used to inject SQL code into the victims’ servers and websites.

It is recommended that individuals use strong passwords that are unique to every website and never reused across other sites. It’s also recommended that two-factor authentication be enabled on websites that provide it as a feature, giving users more comprehensive security.

Admins are advised to use web application firewalls for their databases and to keep all systems and software patched and up to date. As a rule of thumb, a Threat Assessment Test is recommended for any institution or enterprise as a precautionary measure to know where any vulnerabilities may be in your networks and website(s).

We will keep you updated on this developing, breaking story.