Information security specialist from a cyber security firm, WizCase revealed data leak of Libyan Ministry of Education, from an open Elasticsearch database holding 2GB of students data from all over the world (complete report here), including countries like:
- UK
- Egypt
- Turkey
- USA
- Canada
- France
- South Africa
- Australia
The WizCase discovered a 2GB data hosted in Germany server, contained personal details of over 55,000 exchange students from around the world. The leaked data included:
- Full Name
- Email address
- Passport and ID numbers
- Date of Birth
- Photos
- Degrees
- Country of Origin
- Destination Country
- Marital Status
- Phone Number
- Thesis Details
- Transfer approval decision
- Start and end dates of the educational programs
- Tuition Costs
- Scanned copies of formal letters directed at the students
- Student Information (student number, user status, start & end dates, etc.)
- Employer
Consequences of Such data Leak
As the data contains students private information, they are prone to further attacks, which includes:
- Identity Theft
- Phishing
- Catfishing
- Phone Call Scam
How did this happened
The website of Libyan Ministry of Education uses student portal with unsecured Elasticsearch, which is not protected enough for security. Also data found is in clear text which can be a big threat for the students privacy issues.
Team has contacted the Libya’s Ministry of Education and Libya’s Computer Emergency Response Team (CERT) which failed to reply. Hosting provider is also contacted, which responded in a cold reply to contact customer directly. Finally, Africa’s CERT has been reported for leak, which further contacted Libya’s Ministry of Education.
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.