Cyber Incident Victim: University of Limpopo

On May 13, 2016, the New World Hackers (NWH), a group affiliated with the Anonymous collective’s #OpAfrica campaign, breached the University of Limpopo’s website in Polokwane, South Africa. The attackers defaced the site with messages promoting #OpAfrica’s principles and criticizing the university’s administrators for poor security practices. The defacement was removed shortly after discovery, but the university’s website remained inaccessible as of May 15. NWH member SinfulHazeCE claimed responsibility for the intrusion, which involved exploiting vulnerabilities in the website’s code. The group publicly chastised the institution, stating, "A university has experts who should know how to secure a website... They should know not to code their website with vulnerabilities all over the place."

The attackers exfiltrated and leaked four categories of data through publicly accessible links. A Mega.nz repository contained 1.08 GB of exam papers (1,978 PDF files) and 35 MB of non-sensitive intranet materials like promotional PDFs and PowerPoint presentations. Separately, they released personal details of 18,545 current students—including full names, dates of birth, academic departments, student numbers, and enrollment years—and 16,383 alumni records with similar identifiers plus gender. A fourth leak exposed 1,700 faculty phone numbers, some already publicly available. Additionally, administrative credentials (both hashed and cleartext passwords) were compromised. NWH announced plans for further #OpAfrica-related data dumps in subsequent weeks. The breach disrupted university operations by forcing the website offline and exposed sensitive student information, though no institutional response or containment measures were detailed in available reports.