Dark Web News Analysis
The dark web news reports a significant data breach involving Erbil Polytechnic University (EPU) in the Kurdistan Region of Iraq. A threat actor known as “Solonik” has claimed responsibility for the attack, releasing a dataset that includes both structured database records and a massive repository of raw files.
The leak reportedly consists of thousands of records in CSV format alongside over 4GB of files (JPG, PDF, PNG). The compromised fields are extensive, covering Student IDs, Full Names, Emails, Phone Numbers, Addresses, Resumes/CVs, Education Streams, Skills, and Hashed Passwords. The presence of raw files suggests that student profile photos, scanned diplomas, or identification documents may also be included.
Key Cybersecurity Insights
Breaches of higher education institutions are often underestimated, but the combination of “Resume” data and “Identity Documents” creates a high-risk environment for students:
- Recruitment & Scholarship Scams: The exposure of Resumes, Skills, and Education Streams is highly dangerous. Attackers can use this data to craft “Spear Phishing” emails posing as international recruiters or scholarship committees: “Dear [Name], based on your skills in [Skill Name] at EPU, you are eligible for this scholarship. Send the processing fee here.” The relevance of the offer makes the scam convincing.
- Document Fraud: The 4GB of files (PDFs/JPGs) likely contains scanned copies of student IDs, transcripts, or national ID cards uploaded during registration. Criminals can use these “Verified Documents” to bypass Know Your Customer (KYC) checks on crypto exchanges or online banks, committing fraud under the student’s name.
- Credential Stuffing: The leak contains Hashed Passwords. If the hashing algorithm used was weak (e.g., MD5 or SHA1 without salt), attackers will crack these quickly. Since students often reuse passwords for social media or personal email, this breach could lead to widespread account takeovers across the internet.
- Safety of Staff: The breach affects staff as well as students. The exposure of faculty addresses and contact details can lead to harassment or targeted social engineering attacks aimed at gaining deeper access to the university’s administrative networks.
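The "Hashed Passwords" point above turns on one question an incident responder has to answer before anything else: what format are the hashes in, and are they salted? The script below is an added example (not from the original post or from EPU) that triages a constructed CSV in the shape the post describes: it labels each stored hash by format, puts accounts whose hashes are bare fast digests at the front of the reset queue, and uses duplicate hashes across accounts as the tell-tale sign of a missing salt. It then shows what the store should look like after migration, using salted PBKDF2-HMAC-SHA256 from the standard library with a constant-time comparison. The column names, the sample rows and the bcrypt/argon2 placeholder values are all assumptions.

```python
"""Triage of a leaked credential dump: which hash formats are present, which
accounts to reset first, and how the store should look after migration.
Added example, not from the original post or EPU; the CSV rows are constructed
sample data in the shape the post describes, not the real leak."""
import csv
import hashlib
import hmac
import io
import os
import re
from collections import Counter

# Constructed sample rows. Rows 1001 and 1002 deliberately share a hash value,
# the tell-tale sign of an unsalted store; the bcrypt and argon2 values are
# placeholders that carry only a realistic prefix.
SAMPLE_CSV = """student_id,email,hashed_password
1001,a@example.edu,5f4dcc3b5aa765d61d8327deb882cf99
1002,b@example.edu,5f4dcc3b5aa765d61d8327deb882cf99
1003,c@example.edu,5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
1004,d@example.edu,$2b$12$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOL
1005,e@example.edu,"$argon2id$v=19$m=65536,t=3,p=4$PLACEHOLDERSALT$PLACEHOLDERHASH"
"""

# (label, pattern, cost class). A bare hex digest of 32/40/64 chars is labelled
# "unsalted": a salt could live in another column, but this is the worst case
# the post describes and the one to plan the reset around.
HASH_FORMATS = [
    ("argon2",          re.compile(r"^\$argon2(id|i|d)\$"),   "slow"),
    ("bcrypt",          re.compile(r"^\$2[abxy]\$\d{2}\$"),   "slow"),
    ("pbkdf2",          re.compile(r"^pbkdf2_sha\d+\$\d+\$"), "slow"),
    ("md5-unsalted",    re.compile(r"^[0-9a-fA-F]{32}$"),      "fast"),
    ("sha1-unsalted",   re.compile(r"^[0-9a-fA-F]{40}$"),      "fast"),
    ("sha256-unsalted", re.compile(r"^[0-9a-fA-F]{64}$"),      "fast"),
]


def classify_hash(value):
    """Return (format label, 'fast' | 'slow' | 'unknown') for one stored hash."""
    for label, pattern, cost in HASH_FORMATS:
        if pattern.match(value):
            return label, cost
    return "unknown", "unknown"


def triage(csv_text):
    """Summarise a dump: format counts, accounts to reset first, shared hashes."""
    formats = Counter()
    priority_reset = []
    fast_values = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = row["hashed_password"].strip()
        label, cost = classify_hash(value)
        formats[label] += 1
        if cost == "fast":
            priority_reset.append(row["student_id"])
            fast_values.append(value)
    # With a per-user salt two accounts practically never share a hash, so any
    # duplicate among the fast-hash rows confirms the salt is missing.
    shared = {h: n for h, n in Counter(fast_values).items() if n > 1}
    return {"formats": dict(formats),
            "priority_reset": priority_reset,
            "shared_hashes": shared}


# --- How the store should look after migration: salted, slow, constant-time verify.
PBKDF2_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor in the range OWASP recommends


def hash_password(password, salt=None):
    """Produce a self-describing 'pbkdf2_sha256$iters$salt$digest' string."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print(triage(SAMPLE_CSV))
```

Run against the sample, the triage reports two MD5 and one SHA1 digest (students 1001 to 1003 go first in the reset queue) and flags the hash shared by 1001 and 1002 as proof of a missing salt, while the migrated format classifies as "slow". PBKDF2 is used here only because it ships in the standard library; bcrypt or Argon2id via their own packages are equally valid targets for the migration.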
Mitigation Strategies
To protect the academic community and student futures, the following strategies are recommended:
- Global Password Reset: EPU administration must immediately force a password reset for all .epu.edu.iq accounts and associated portals.
- Student Advisory: Issue an urgent warning to students via SMS and campus notice boards. Advise them to be extremely suspicious of unsolicited job offers or scholarship emails that ask for upfront fees.
- MFA Implementation: Enable Multi-Factor Authentication (MFA) for all student and staff portals to prevent attackers from using the leaked credentials to access grades or financial data.
- Data Analysis: The IT team should download the leaked sample to verify what specific types of documents (IDs vs. profile pics) are in the 4GB folder to accurately assess the identity theft risk.
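For the "Data Analysis" step, the quickest way to size the identity-theft risk in a multi-gigabyte folder is to classify files by their leading bytes rather than by extension, so that a scanned ID saved as .jpg or a renamed PDF is not miscounted. The script below is an added example, not code from the original post or from EPU; the folder layout and file contents are constructed stand-ins built in a temporary directory, and the rule "PDFs are probably scanned documents, images need a manual look" is an assumption about typical student portals, not a fact about this leak.

```python
"""Triage of a leaked file repository by content rather than filename, so the
team can size the identity-theft exposure.  Added example, not from the
original post; the sample tree is constructed in a temp directory."""
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes ("magic numbers") of the three formats the post lists.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
]
KNOWN = {kind for _, kind in SIGNATURES}


def sniff_type(path):
    """Classify a file from its first bytes; the extension is not trusted."""
    with Path(path).open("rb") as fh:
        head = fh.read(8)
    for signature, kind in SIGNATURES:
        if head.startswith(signature):
            return kind
    return "other"


def triage_files(root):
    """Count files by real content type and flag extension/content mismatches."""
    root = Path(root)
    counts = Counter()
    mismatched = []   # e.g. a PDF scan saved as .jpg, or a .jpg that is not an image
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        kind = sniff_type(path)
        counts[kind] += 1
        ext = path.suffix.lower().lstrip(".")
        ext = "jpg" if ext == "jpeg" else ext
        if (kind in KNOWN or ext in KNOWN) and ext != kind:
            mismatched.append(path.relative_to(root).as_posix())
    # Assumption: PDFs are almost always scanned documents (diplomas, IDs,
    # transcripts); images may be profile photos or scans, so they need a manual look.
    return {
        "counts": dict(counts),
        "likely_documents": counts["pdf"],
        "images_for_manual_review": counts["jpg"] + counts["png"],
        "mismatched": mismatched,
    }


def build_sample_tree():
    """Constructed stand-in for the leaked folder (not real data)."""
    root = Path(tempfile.mkdtemp(prefix="leak-sample-"))
    files = {
        "photos/1001.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
        "photos/1003.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "docs/diploma_1001.pdf": b"%PDF-1.4\n%constructed\n",
        "docs/id_1002.jpg": b"%PDF-1.7\n%a scan saved with the wrong extension\n",
        "docs/notes.txt": b"plain text, no signature\n",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


if __name__ == "__main__":
    print(triage_files(build_sample_tree()))
```

Pointed at the real sample folder instead of the constructed tree, the summary gives the IT team the number of probable document scans, the number of images that still need eyes on them, and the files whose names lie about their content, which is exactly the input needed to decide how many students to treat as identity-theft victims rather than merely as breach subjects.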
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com