Days after the Far Eastern University (FEU) prompted its students to strengthen security on all public accounts due to the online attack on government dissenters through proliferation of impostor Facebook profiles, the community was shaken by yet another digital strike by a group of hackers which leaked students’ personal information.
At 11:27PM of June 16, DRK of Pinoy Grayhats, a Facebook page of a team of individuals calling themselves skilled in Security Offensive, leaked the private data of at least 1,000 students.
The information consisted of the learners’ full name, student number, program, password, and mobile number which were already uploaded on May 28, but were only made public at the time of the leak. Three hours after the leak, the link containing the data was made unavailable.
The group noted that prior to the post, two of their members with aliases InFamouz and Alita already warned the university about the risky security of the site, but FEU took no action.
The progressive organization Anakbayan-FEU alerted the students about the data breach and advised them to take serious security measures by changing their password, refraining from answering calls and text messages from unknown contacts, and securing social media accounts connected to their mobile number.
The FEU Central Student Organization echoed the recommendation and encouraged them to change student central passwords as well for security purposes.
However, none of these security measures taken by the individuals have calmed the community down for there is no guarantee that their data are now safe, unless assured by the FEU technical team to resolve this issue.
According to the two-sentence statement posted by the university in their Facebook page, the Information Technology Services (ITS) is now looking into the matter and is working with external consultants to investigate further.
But the students and their families are not at all satisfied with how the administration is handling the matter.
Sherwin Felix, in his public Facebook post, expressed his frustration on the incident and the “generic” statement of the university. He argued that it lacked accountability and doesn’t recognize its incompetence. He added that the administration is obviously downplaying the issue, something to be mad about because matters such as this must be taken seriously and with honesty and transparency.
Students lamented that with this incident at hand, their safety is not at all the university’s priority.
Students also pointed out that the amount they pay for the school fees is unfair and unjust when the administration could not even guarantee the protection of their data. The students also called out the university’s incompetence and campaigned against the unjust tuition and miscellaneous fees.
Joseph Lopez Locquiao also called out the administration in the mishandling of the case, saying “Nung nagrelease ng statement tungkol sa paniningil ng tuition, ang haba ng sinabi. Tapos tungkol na sa info namin na hindi nasecure, ganito lang?”
[When we released a statement regarding the tuition fee increase, they responded lengthily. But when it comes to our data now at risk, this is all they could offer?)
Another student followed the advice of the student bodies in the university. But after he undertook security measures such as changing his current password, it reverted to its default code right after changing it.
FEU has said in their statement regarding the proliferation of dummy accounts that they are strengthening the security measures to ensure the safety of the system and the students.
FEU reported to the Securities and Exchange Commission and the Philippine Stock Exchange on June 18 that is student portal may have been compromised and they are implementing measures to address the possible data breach.