Cyber Incident Victim: Wellesley High School

Date: Jan 2015

Location: United States of America

Summary

A cybersecurity breach at Wellesley College involved unauthorized access to two departmental servers via SQL injection vulnerabilities, resulting in the exposure of login credentials for approximately 700 users. Attackers dumped database contents containing MD5-hashed passwords, which were publicly shared on platforms like Pastebin and Twitter, with one administrator's password cracked and published as "jungleb00k." The compromised servers were subsequently isolated and taken offline for forensic investigation. The institution notified affected individuals to change their passwords, though the initial breaches reportedly remained undetected for months prior to external notification.


Description

On April 5, 2015, Wellesley College experienced a data breach involving two departmental servers: mobius.wellesley.edu and firstclass.wellesley.edu. The hacker group TeaMp0isoN, operating through member Chief (@Puttied), publicly disclosed via Twitter a database dump containing approximately 700 user records from the mobius server. The attackers claimed to possess the full database but released only half of it to limit exposure. The compromised data included usernames and passwords hashed with MD5, a hash algorithm whose outputs are known to be recoverable through online cracking tools like HashKiller. This incident followed an earlier breach documented on January 26, 2015, when an unidentified attacker posted similar data from both servers on Pastebin. During the January incident, the attacker successfully cracked an administrator’s password hash, recovering "jungleb00k", and published it alongside the stolen credentials. Both breaches exploited SQL injection vulnerabilities, though specific technical details of the attacks were not disclosed by the college.

Wellesley College’s Technology Support Services Director, Erin Richardson, confirmed the mobius server compromise and initiated containment measures by isolating the affected system for forensic analysis. The college began notifying users listed in the database, advising immediate password changes across other systems. While Richardson’s statement did not explicitly address the firstclass server, external verification showed it had been taken offline, returning "server not found" errors. The breaches remained undetected by the college for over two months despite public exposure on Pastebin and Twitter, highlighting delayed discovery. No information was provided regarding the number of affected individuals beyond the approximately 700 mobius accounts, nor were details disclosed about potential unauthorized access to academic or personal data. The incident underscored operational security gaps: third-party observers noted that the institution could have become aware sooner through routine monitoring of public platforms like Pastebin for leaked credentials.
