Cyber Incident Victim: University College London
Date:
Oct 2014
Location:
United Kingdom
Summary
University College London experienced a cybersecurity breach where its president's account sent a cryptic "bello" email to all students, triggering widespread mockery and social media attention under the hashtag #bellogate. The compromised "all-students" address was subsequently used to subscribe recipients to a gay pornography service, while a fraudulent follow-up email impersonating IT services referenced the incident, indicating broader system vulnerabilities. The institution confirmed unauthorized access, initiated an investigation, and advised students against engaging with suspicious communications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 8, 2014, University College London (UCL) students received an unexpected email from the official account of President Michael Arthur addressed to an "all students" mailing list. The message contained only the word "bello," with no additional context or explanation. The unexplained communication triggered immediate ridicule from recipients, with dozens replying directly to the email. One student referenced Lionel Richie's song "Hello" by responding, "Bello? Is it me you're looking for?" The incident escalated when the compromised "all-students" account was reportedly subscribed to a gay pornography service, amplifying confusion and concern among the student body.
Within hours, the hashtag #bellogate became a top trending topic on Twitter in the UK, surpassing discussion of the Great British Bake Off finale airing that same evening. Students publicly speculated about the breach on social media, with one tweet noting the Provost had "signed us all up for PornHub." A subsequent hoax email, purportedly from UCL's IT Service Desk and referencing the pornography site, suggested additional internal email accounts had been compromised. UCL confirmed on October 9 that it was investigating the security breach and urged students to cease engaging with suspicious emails. The university did not initially disclose the scope of affected systems or the method of intrusion but acknowledged the incident had disrupted communications and drawn significant public attention.