More than 400,000 hit by data breach at online exam site — what to do

An illustration of the words SYSTEM HACKED on a computer screen accompanied by a yellow triangle containing an exclamation mark.
(Image credit: solarseven/Shutterstock)

ProctorU, a proctoring platform for online exams, has disclosed that it was the victim of a major data breach. ProctorU allows teachers to ensure that students don’t cheat when they take part in online exams.

The firm was one of 18 organizations who have had databases containing 386 million records stolen by hackers since January. In late July, all the databases were offered for free in online hacker forums.  

A wider breach

The ProctorU database apparently contains the details of 444,000 people, including names, home addresses, emails, cell phone numbers, hashed passwords and organization details, according to Bleeping Computer, which had a look at the stolen information. Presumably, the majority of records pertained to current or recent college students.

Last week, ProctorU confirmed that there had been a data breach in a tweeted response to the University of Sydney's student newspaper. 

See more

A subsequent ProctorU blog post repeated the tweeted information, asserting that "the records were from 2014, and did not contain any financial information."

However, Bleeping Computer said the database contained email addresses associated with educational establishments including UCLA, Harvard, Princeton, Yale, North Virginia Community College, University of Texas, Columbia, UC Davis and Syracuse University, among others. There were also email addresses associated with the U.S. military. 

Several years worth of data

BleepingComputer claims to have come across the details of people who signed up for ProctorU in 2012, 2013, 2014, 2015 and 2017.

ProctorU's blog post said that "ProctorU has disabled the server,  terminated access to the environment and is investigating this incident.”

It added, “ProctorU has implemented additional security measures to prevent any recurrence.  We have begun notifying affected universities and organizations and will continue to do so.”

To minimize the damage from a data breach, you should set strong passwords, never reuse passwords for different websites, enable two-factor authentication wherever possible and use one of the best password managers.

“Although the majority of the exposed data seems to be old, there is always a risk much of this data is still valid to day and of interest to cybercriminals," Jake Moore, a security specialist at ESET, told Tom's Guide.

"Some of the passwords used years ago for some of these accounts may still be used today for other linked accounts," Moore added. "It is vital that those affected check their accounts and make sure all their passwords are unique and long. Breached data, however old, has a value to a hacker especially when financial data and password data has been stolen.”

  • More: Stay anonymous without the spend with a cheap VPN

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!