zanderthunder Posted October 18, 2019 Share Posted October 18, 2019 Friday, 18 Oct 2019|11:30 AM MYT By Angelin Yeoh, Christina Chin and Elim Poon Users were greeted with this image on the E-Pay portal before it went offline. — Twitter @XavierNaxa Universiti Malaya (UM) E-Pay Cashless Payment and Records portal is currently inaccessible after it was reportedly defaced with what appears to be a protest message, last night. According to a Twitter post, the defaced portal carried a message that included hashtags #NoRasis and #UndurVC, probably to highlight the recent student protest at the university’s convocation ceremony. Deputy Education Minister Teo Nie Ching said the ministry has yet to receive a report on the incident. “I just read about it this morning. Let us get the details first before I comment,” she said after the launch of the “Back-to-School” programme at SK Klang Gate. The online portal was launched in January this year to allow students to make financial transactions such as paying university fees. The Star sighted a series of WhatsApp messages circulated by students warning others from accessing any of UM’s other portals for the next 24 hours. Some claimed that more than one UM portal has been hacked, and it’s likely to put their information at risk if they logged in. "Hey guys, please don’t log into Spectrum, MYUM and UM E-Pay for the next 24 hours. All of these websites have been hacked. The hacker can see your credentials and also can see your MYUM financial account status," the message read. A UM lecturer also sent out a similar message, warning students not to log in to UM’s websites, saying it could also be infected with malware. A chemical engineering student at UM believes the attack was to highlight an ongoing protest by a student group against UM vice-chancellor Datuk Abdul Rahim Rashid. "This is not the right way and platform to express their feelings. Why affect other innocent students and the operating system of the university?" the person said. Another student who also wished to remain anonymous expressed disappointment that the UM vice-chancellor attended the Malay Dignity Congress. "I think it's acceptable for this unknown party to hack the UM E-pay portal as a protest. But that's if they do not take any advantage of the students' financial data,” the person said. “If they do, that'd be wrong. It is one thing to voice out, it is another thing to harm others. Freedom of speech should be done without causing harm to others," the student said. The Star has reached out to UM for comments. Source: 1. Universiti Malaya E-Pay portal is down after being defaced - via TheStar Online 2. Penggodam mensasarkan gerbang pembayaran Universiti Malaya untuk menyuarakan tanda protes. (translation: Hacker targets Universiti Malaya's payment portal to voice out protest signs) - via Twitter Link to comment Share on other sites More sharing options...
zanderthunder Posted October 18, 2019 Author Share Posted October 18, 2019 Student activist denies hacking UM e-payment website FMT Reporters - October 18, 2019 8:59 AM A poster on Wong Yan Ke’s Facebook page and an image bearing the same words on the hacked website. PETALING JAYA: The Universiti Malaya (UM) student activist who recently stirred controversy by holding a lone protest during his convocation ceremony has denied involvement in an attack on the institution’s e-payment website. In a statement, Wong Yan Ke said he heard that the site had been hacked yesterday evening and wanted to make it clear that he had nothing to do with it. “I know nothing about computer science, and I didn’t order anyone to do this on my behalf,” he added. He also displayed a picture of a message he had shared two days ago, which was left at the site as well. It read: “I would rather die standing than live kneeling. If my words threaten those in power so be it. If my pictures alarm the people, that is good. Your teeth come down my sword goes up.” At the time of writing, FMT was still unable to access the site which is used for all transactions with UM. Wong Yan Ke Wong, a civil engineering student, had carried a placard on-stage during his convocation ceremony on Monday demanding the resignation of UM vice-chancellor Abdul Rahim Hashim. He told FMT he protested against Rahim because the university’s name had been used for racial and political reasons as one of four institutions which organised the Malay Dignity Congress. UM later lodged a police report against Wong, accusing him of tarnishing the university’s image and disrupting convocation protocol. Source: 1. Student activist denies hacking UM e-payment website (via Free Malaysia Today) 2. Wong Yan Ke's statement (via Facebook) Link to comment Share on other sites More sharing options...
zanderthunder Posted October 18, 2019 Author Share Posted October 18, 2019 Universiti Malaya: No data compromised in E-Pay portal hack Friday, 18 Oct 2019 | 4:45 PM MYT By Angelin Yeoh and Christina Chin PETALING JAYA: No data or information was compromised after the Universiti Malaya (UM) E-Pay Cashless Payment and Records portal was hacked, according to the university. The portal, which was inaccessible since late Thursday night after it was defaced with a message that included hashtags #NoRasis and #UndurVC, is expected to be active again soon. The varsity’s forensics information systems team is investigating the incident, UM said in a statement today. When the incident was detected, the system was shut down immediately. “This is to allow investigations to be carried out and for us to work on restoring the site. The portal and network system was re-activated at noon but we are still in the testing process. It will be active again soon,” the statement read. In a separate statement, a spokesperson told The Star that no police report has been lodged yet. The Star sighted a series of WhatsApp messages circulated by students warning others against accessing any of UM’s other portals for the next 24 hours. Some claimed that more than one UM portal has been hacked, and it’s likely to put their information at risk if they logged in. "Hey guys, please don’t log into Spectrum, MYUM and UM E-Pay for the next 24 hours. All of these websites have been hacked. The hacker can see your credentials and also can see your MYUM financial account status," the message read. A UM lecturer also sent out a similar message, warning students not to log in to UM’s websites, saying it could also be infected with malware. The E-Pay hack has received some mixed reaction from students. Hacking, said one student, was not the right way to express one’s feelings. “Why affect other innocent students and the operating system of the university?" the person who wished to remain anonymous, said. Another student from the Faculty of Language and Linguistics, however, said hacking was a better way of expressing dissatisfaction towards the vice-chancellor compared to the recent solo protest at the varsity’s convocation ceremony. "Of course it affects UM but at least it didn't create much chaos as like what happened at convocation. “I think the protests won't stop until the vice-chancellor does something. “So I think the he should come out and discuss the issues. If he is still being ignorant, nothing will be resolved. Those who are protesting will keep on protesting," the student said. Deputy Education Minister Teo Nie Ching said the ministry has yet to receive a report on the incident. Speaking to reporters after the launch of the “Back-to-School” programme at SK Klang Gate, Teo said she was still waiting for details on the hacking. On the protest and subsequent police report lodged by UM, she said the matter could be resolved amicably but both sides (the university and student) must engage. "We are in the process of doing that," she said, adding that it’s her “personal” view that student activist Wong Yan Ke’s degree scroll should not be withheld. The civil engineering graduate, who said the university refused to release his degree scroll after the protest, is being investigated under Section 504 of the Penal Code after a police report was lodged by the varsity against Wong who shouted, "Ini Tanah Malaysia" while carrying a placard with the words "Tolak Rasis" (reject racism) and "Undur VC" (step down VC) on stage during the degree scroll ceremony on Oct 14. Wong posted on his Facebook denying he was behind the hacking. “I received news that the website was hacked by an anonymous person and quickly posted on Facebook to make it clear that I wasn’t involved,” he said when contacted. He had shared a message on social media two days ago which was later uploaded on the hacked portal. “I have to clarify here before the cyber troopers start accusing me. I know nothing about computer science. And, I didn't order anyone to do this on behalf of me. “I disagree with this act of hacking,” he wrote on Facebook. Source: Universiti Malaya: No data compromised in E-Pay portal hack (via TheStar Online) Link to comment Share on other sites More sharing options...
zanderthunder Posted October 19, 2019 Author Share Posted October 19, 2019 Universiti Malaya Staff Personal Data, Banking and Salary Details Leaked Online EXCLUSIVE: Massive amounts of personal details belonging to Academic and Non-Academic staff of Universiti Malaya were dumped online earlier today. Also leaked was close to 24,000 login id’s and hashed passwords – believed to be from UM’s e-Pay online payment portal. As of June 2019, Universiti Malaya is reported to have 2,013 local and 331 International Academic Staff, as well as 649 Management Personal and 2,877 Support Staff which we believe are now victims of this data breach. The leaked files, which were uploaded to an anonymous file-sharing site also included backend passwords and database credentials, making it a very real possibility that a lot more data and financial records – even those belonging to the students – might have been compromised. This first part of the leaked data contained payslip information of Universiti Malaya Academic and Non-Academic staff members, including individual Bank Names and Bank Account numbers. The bank account numbers were matched to Staff Names, MyKad Numbers as well as Staff ID numbers. The second part was somewhat smaller in size but contained additional confidential information of Employees Tax (LHDN) Numbers, EPF Numbers, Department, Branch Location, Position as well as salary information. We also can confirm the discovery of close to 24,000 email id’s alongside hashed login credentials inside the second part. We have sufficient reason to believe that these login credentials were part of the E-Pay site which was defaced yesterday. Earlier today, Universiti Malaya released a statement claiming that no data was compromised when their e-Pay portal was defaced. We in our immediate article after the attack cautioned that the defacement had compromised their own servers, and therefore the likelihood of a data breach was very high. We are not able to conclusively ascertain if this data breach is directly related to the current issues at Universiti Malaya or if it is was a mere coincidence. While the current issues might be resolved sooner then later, the victims of the data breach will have to deal with the long lasting impact of having their personal and private details exposed. We have already taken the necessary steps to notify the authorities of the breach before publishing this article. Source: Universiti Malaya Staff Personal Data, Banking and Salary Details Leaked Online (via Lowyat.NET) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.