Wp School Press Nulled Xenforo
in december 2019, the students of the moscow state university breached the website of a school named the tomsk national research park in siberia. the students were able to gain access to the website by taking advantage of a vulnerable wordpress plugin called gravatar. gravatar is a commonly used plugin for displaying avatars, profile images and website information on third-party websites. the students were able to access a database containing personal information of students.
in february 2020, the security company darktrace published a blog post about their discovery of a vulnerability in wordpress that would allow an attacker to view the names of all users registered on a website using the popular blogging platform. the vulnerability would allow a hacker to view any users name, email address and a one-time password that is stored in the users account. the vulnerability was introduced in december 2018 and the hackers made use of it to steal the details of over 600,000 users.
in march 2020, the popular blog platform wordpress was hacked and leaked the personal information of over 28 million users. the database contained details such as names, emails, passwords, and dates of birth. the hackers, who called themselves the /r/internetfeds, then proceeded to create a twitter account to warn the users of the breach.
in december 2019, the german online education website startup school suffered a data breach. the data was exposed on the dark web with the provided data including 2.2m unique email addresses, usernames, ip addresses, genders, geographic locations, passwords stored as md5 hashes, usernames and ip addresses of senders.
the website hosting infrastructure of the florida virtual school was affected by a data breach. on 12th feb 2018, the flvs was made aware of a data breach by a member of the public who found an xml file containing their students records on a server in the wild. the data breach notification explained that the attacker may have gained access to the server in september 2017, and accessed and copied the database file. the attacker then posted the xml file of the data on a public file sharing site. based on the indicators of compromise (iocs), the investigation revealed the attack was a multi-stage targeted attack conducted by a state-sponsored actor.
the florida virtual school has become the second florida based school to suffer a data breach. on 12th feb 2018, the flvs was made aware of a data breach by a member of the public who found an xml file containing their students records on a server in the wild. the data breach notification explained that the attacker may have gained access to the server in september 2017, and accessed and copied the database file. the attacker then posted the xml file of the data on a public file sharing site. based on the indicators of compromise (iocs), the investigation revealed the attack was a multi-stage targeted attack conducted by a state-sponsored actor.
in july 2017, the florida virtual school became the first school in the us to be hacked. by the time the attacker was arrested, it is suspected that around 30k childrens records were exposed. the investigation revealed that the attacker was able to gain access to the computers of a systems administrator via spear phishing emails and succeeded in accessing the vbulletin forum and copying a sql backup file containing the database. the backup file then went on to be posted on a public file sharing site where it remained until the attack was discovered. the attack took place in september 2017 and the records of 368k students were published on a data breach notification website.