User Web Site Security Failure Leads To Ball State Breach
Submitted by Adam Dodge on Fri, 2009-05-22 06:45
Quick Facts
- Date: 5/22/2009
- Institution: Ball State University
- Type of Incident: Penetration
- Number Affected: 2,000
- Source: ESI
- Abstract Source: Ball State Daily News Online
Abstract
Ball State University officials announced that the recent compromise of one of the university's iWeb servers was caused by user error and not the recently disclosed IIS vulnerability. According to officials, one of the users on the server failed to properly secure their web space which allowed an unknown individual(s) to upload a malicious script to the server. The breached server was one of eight such web servers and housed web accounts for about 2,000 individuals. Most of these 2,000 had their web content replaced with a taunting message. Ball State officials say the iWeb server was backed up a few hours before the breach and most content should be restored soon.