Dark Web News Analysis
Dark web reporting describes a targeted data privacy incident involving Universitas Lambung Mangkurat (ULM), specifically affecting the Faculty of Teacher Training and Education (Fakultas Keguruan dan Ilmu Pengetahuan – FKIP). A threat actor group is claiming responsibility for the breach on a hacker forum monitored by SOCRadar.
The actors have associated themselves with the monikers “WeHackThePlanet” and “WeHackEverything”, utilizing the tagline “WeTellTheTruth”. They have provided a link to access the alleged database, which likely contains sensitive academic and personal records. This specific targeting of a teacher training faculty suggests the data may include not just student information, but also certification details for future educators.
Key Cybersecurity Insights
Breaches of higher education institutions are “Tier 1” identity threats because these institutions aggregate data from young adults entering the workforce and from long-term faculty staff:
- Academic Identity Theft: The exposure of student records often includes Full Names, Student IDs (NIM), Addresses, and Parents’ Names. In Indonesia, this combination is sufficient for criminals to open fraudulent bank accounts or register for illegal online loans (Pinjol) in the student’s name, ruining their credit rating before they even graduate.
- “WeHackThePlanet” Motivations: The tagline “WeTellTheTruth” often indicates a Hacktivist or “Grey Hat” motivation, rather than pure financial gain. These groups sometimes leak data to expose poor security practices or to make a political statement about the education system. However, the result—public exposure of PII—remains damaging regardless of intent.
- Faculty & Certification Fraud: Since the breach targets the Teacher Training Faculty, there is a risk of Credential Fraud. Attackers could use the leaked data to forge teacher certifications or manipulate academic transcripts, potentially allowing unqualified individuals to enter the education workforce.
- Targeted Phishing: With access to the faculty’s internal database, attackers can launch highly convincing Spear Phishing campaigns. Emails sent to students claiming to be from “Academic Administration” regarding “Thesis Defense” or “Tuition Arrears” will have a high click rate, leading to further credential theft.
Mitigation Strategies
To protect the academic community and institutional integrity, the following strategies are recommended:
- Internal Verification: The ULM IT team must immediately cross-reference the leaked data samples with their internal SQL databases to verify the authenticity and scope of the breach. Determine if the leak came from a legacy system or the active academic portal.
- Credential Reset: Force a mandatory password reset for all students and lecturers within the FKIP environment. Implement Multi-Factor Authentication (MFA) for accessing the Academic Information System (SIAKAD).
- Student Advisory: Issue an official statement to students warning them of the potential leak. Advise them to be wary of suspicious WhatsApp messages or emails asking for payments or personal data verification.
- Vulnerability Patching: Conduct a vulnerability assessment of the FKIP web portal. Educational subdomains often run on older Content Management Systems (CMS) that may have unpatched vulnerabilities (like SQL Injection) that were exploited by the attackers.
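One way to carry out the Internal Verification step above, shown as an added example that is not from the original post or from ULM's systems. The table names legacy_students and siakad_students, the schema, and all sample rows are constructed assumptions; the script compares a leak sample against each internal source and reports which one it agrees with.

```python
import csv, io, sqlite3

# Constructed rows standing in for a leak preview; all names and IDs are made up.
LEAK_SAMPLE = """nim,name,address
A1C100001,Siti Rahma,Jl. Contoh 1
a1c100002 ,Budi Santoso,Jl. Contoh 2
A1C100003,Dewi Lestari,Jl. Contoh 9
Z9Z999999,Nama Palsu,Jl. Tidak Ada
"""
TABLES = ("legacy_students", "siakad_students")  # hypothetical table names

def build_demo_db():
    """In-memory stand-in for the internal databases (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    for table in TABLES:
        db.execute(f"CREATE TABLE {table} (nim TEXT PRIMARY KEY, name TEXT, address TEXT)")
    db.executemany("INSERT INTO legacy_students VALUES (?, ?, ?)", [
        ("A1C100001", "Siti Rahma", "Jl. Contoh 1"),
        ("A1C100002", "Budi Santoso", "Jl. Contoh 2"),
        ("A1C100003", "Dewi Lestari", "Jl. Contoh 9"),
    ])
    db.executemany("INSERT INTO siakad_students VALUES (?, ?, ?)", [
        ("A1C100001", "Siti Rahma", "Jl. Contoh 1"),
        ("A1C100003", "Dewi Lestari", "Jl. Baru 5"),  # address changed after migration
    ])
    return db

def norm(text):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(text.split()).casefold()

def verify_leak(db, leak_csv):
    """Count, per table, leaked IDs that exist and rows that agree on every field."""
    rows = list(csv.DictReader(io.StringIO(leak_csv)))
    report = {"sample_size": len(rows)}
    seen = set()
    for table in TABLES:
        stats = report[table] = {"id_matches": 0, "exact_matches": 0}
        for row in rows:
            nim = row["nim"].strip().upper()
            hit = db.execute(  # table name is from the fixed tuple; the value is bound
                f"SELECT name, address FROM {table} WHERE nim = ?", (nim,)).fetchone()
            if hit:
                seen.add(nim)
                stats["id_matches"] += 1
                stats["exact_matches"] += [norm(v) for v in hit] == [
                    norm(row["name"]), norm(row["address"])]
    report["unknown_ids"] = sorted({r["nim"].strip().upper() for r in rows} - seen)
    return report
```

A sample that matches the legacy table field for field but disagrees with current SIAKAD values points to the older system as the source. IDs found in neither table suggest padded or fabricated rows in the leak.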
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com