Online Degrees and CLEP and DSST Exam Prep Discussion
ProctorU data breach - Printable Version

+- Online Degrees and CLEP and DSST Exam Prep Discussion (https://www.degreeforum.net/mybb)
+-- Forum: Main Category (https://www.degreeforum.net/mybb/Forum-Main-Category)
+--- Forum: General Education-Related Discussion (https://www.degreeforum.net/mybb/Forum-General-Education-Related-Discussion)
+--- Thread: ProctorU data breach (/Thread-ProctorU-data-breach)



ProctorU data breach - jch - 08-06-2020

News has broken today that ProctorU (already my least favorite online proctoring service) has suffered a data breach: https://www.smh.com.au/national/hackers-hit-university-online-exam-tool-20200806-p55j6h.html

They're the provider used by TESU and many other institutions. According to this article, only users registered in 2014 or earlier are impacted. The attackers did get access to unencrypted passwords, so it's time to change your password on ProctorU and anywhere else you used that same credential.


RE: ProctorU data breach - MNomadic - 08-06-2020

(08-06-2020, 01:42 PM)jch Wrote: News has broken today that ProctorU (already my least favorite online proctoring service) has suffered a data breach: https://www.smh.com.au/national/hackers-hit-university-online-exam-tool-20200806-p55j6h.html

They're the provider used by TESU and many other institutions. According to this article, only users registered in 2014 or earlier are impacted. The attackers did get access to unencrypted passwords, so it's time to change your password on ProctorU and anywhere else you used that same credential.

Thanks for sharing. Also, I was literally looking for ideas to write about for cyber security course so this helps!


RE: ProctorU data breach - ctcarl - 08-06-2020

Another reason to love ProctorFU.


RE: ProctorU data breach - Merlin - 08-07-2020

(08-06-2020, 01:42 PM)jch Wrote: News has broken today that ProctorU (already my least favorite online proctoring service) has suffered a data breach: https://www.smh.com.au/national/hackers-hit-university-online-exam-tool-20200806-p55j6h.html

They're the provider used by TESU and many other institutions. According to this article, only users registered in 2014 or earlier are impacted. The attackers did get access to unencrypted passwords, so it's time to change your password on ProctorU and anywhere else you used that same credential.

Yeah, my password manager alerted me to the breach, plus I got an email "Have I Been Pwned" confirming that my information was included in the breach.

Btw, HIBP is a great free service to sign up for if you aren't aware of it. If you are in a data breach, you'll usually find out from them well before you are notified by the company that your info was compromised.


RE: ProctorU data breach - innen_oda - 08-07-2020

(08-07-2020, 04:38 AM)Merlin Wrote: Btw, HIBP is a great free service to sign up for if you aren't aware of it. If you are in a data breach, you'll usually find out from them well before you are notified by the company that your info was compromised.

It is absolutely fantastic. The creator of HIBP keeps talking about selling it, which worries me. It's a great site, but I feel like it's an 'enjoy it while it lasts' kind of thing. Once it gets sold to Microsoft or Google or some other corporate entity, I'll bet a whole collection data dumps will coincidentally not be added in to their databases.


RE: ProctorU data breach - scorpion - 08-07-2020

(08-07-2020, 06:16 AM)innen_oda Wrote:
(08-07-2020, 04:38 AM)Merlin Wrote: Btw, HIBP is a great free service to sign up for if you aren't aware of it. If you are in a data breach, you'll usually find out from them well before you are notified by the company that your info was compromised.

It is absolutely fantastic. The creator of HIBP keeps talking about selling it, which worries me. It's a great site, but I feel like it's an 'enjoy it while it lasts' kind of thing. Once it gets sold to Microsoft or Google or some other corporate entity, I'll bet a whole collection data dumps will coincidentally not be added in to their databases.

You needn't worry. It went open source today.


ProctorU data breach? - Lacedonia4 - 08-29-2020

On Saylor.org I just saw an article from Aug 26, 2020 about a data breach that affected Proctor U. I never received any notification nor email in regard of this. How worried should us students be?

https://www.saylor.org/2020/08/information-about-the-recent-proctoru-data-breach/

PS: sorry didn't realize it had already been posted. I did a search on degree forum before posting and didn't come up. I only saw article yesterday as I checked my progress on some courses on saylor. Thanks for moving my post to the right thread.


RE: ProctorU data breach? - Supermind - 08-30-2020

That article states the following: “If you have never had an account with ProctorU or first created an account with ProctorU after March 2015, this data breach does not affect you.”
Did you create an account with Proctor U before or after March 2015?


RE: ProctorU data breach? - Merlin - 08-30-2020

(08-30-2020, 12:06 AM)Supermind Wrote: That article states the following: “If you have never had an account with ProctorU or first created an account with ProctorU after March 2015, this data breach does not affect you.”
Did you create an account with Proctor U before or after March 2015?

Yeah, this really only affects people who have had a ProctorU account for ≥ 5 years so most people on this forum are probably fine.

That said, it is never a bad idea to change your passwords after a data breach. This is particularly important if you use a common password on multiple sites (which is a terrible idea, just to be clear). Ideally, you should use different random passwords on each site stored in some kind of password manager, so if one gets compromised, it doesn't affect anything else.

If you were affected, as I was, you really just need to change your password on ProctorU and any other sites you may share that password with. My guess is that they hit ProctorU mainly to harvest passwords rather than to specifically gain access to ProctorU accounts. There isn't a whole lot a bad actor can do with old ProctorU accounts since I imagine that most of the people with accounts that old probably don't use them anymore.