HKBU teaching system breached; data of 3,600 students stolen (full text of notices attached)

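Hong Kong Baptist University (HKBU) announced today (the 19th) that its Moodle (online teaching platform) system was found to have been breached on 15 and 16 July, and that some students' names, email addresses, photos and forum posts were obtained without authorisation. HKBU said only that it would handle the matter according to procedure. It is understood that the university has emailed Chan Lok Hang (陳樂行), convenor of 港語學 and known as 「浸大山神」, to tell him that his personal data was stolen. At least two 山神 members are known to have had their data stolen. An HKBU spokesperson said that the personal data of about 3,600 students was stolen, that the incident has been reported to the Office of the Privacy Commissioner for Personal Data, and that emails have been sent to notify the affected students and to inform all staff and students.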

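A student phoned HKBU ITO to enquire and learned that only one student account had actually been taken over. However, the compromised account could view classmates' information through the Moodle system, for example the details of students in the same course but in different sections, so 3,600 students in total were implicated. At minimum, the affected students' names, email addresses, photos and similar data were obtained. ITO tried to contact the student whose account was taken over but received no reply, so it is not certain whether the incident is related to the recent social events in Hong Kong.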

Letter 1:

Dear CHAN Lok Hang Andrew,

On 15 and 16 July 2019, unusual activity was found in the Moodle system.  An investigation was conducted, which showed that unauthorised access had been obtained to the names, email addresses, photos and forum posts of some students registered in the Moodle system.  That security breach was likely made via a student account compromised by a hacker.

We regret to inform you that the investigation showed that you are one of the Moodle users whose personal particulars – name, email address, photos and any forum posts – had been exposed to the hacker.  According to the University’s Guidelines for Information Security Incident Handling, the necessary remedial action against the compromised account has been taken.  Furthermore, the standard Moodle function allowing students to access other students’ profiles has been disabled.

Should you have any enquiries or need any assistance, please contact our Service Call Centre at 3411-7899 or hotline@hkbu.edu.hk.

Office of Information Technology

Letter 2:
To: All Students
Security incident in Moodle system
On 15 and 16 July 2019, unusual activity was found in the Moodle system.  Unauthorised access had been obtained to the names, email addresses, photos and forum posts of some students.  Investigation showed that the security breach was likely made via a student account compromised by a hacker.
Remedial and follow-up actions were immediately taken according to the University’s Guidelines for Information Security Incident Handling.  The necessary quarantine work has been done.  Action has also been taken to disable the Moodle function that allows students to get access to the profiles of other participants in the system.  Users affected by this incident will receive an email today providing details about their cases.
You are urged to be vigilant in keeping your password secure and to report any suspicious activity or security issues to the Office of Information Technology.
Should you have any enquiries, please contact our Service Call Centre at 3411-7899 or hotline@hkbu.edu.hk.
19 July 2019