A Ball State University official said Thursday that an iWeb server breach earlier in the week happened because a user failed to properly secure his or her account. As a result, someone uploaded a malicious script to the server.
The breach was not related to a recently announced Microsoft security vulnerability, as was originally believed, Tony Proudfoot, vice president for marketing and communications, said.
The attack happened Monday and was announced by the University Tuesday afternoon.
The server was one of eight that holds individual Web hosting accounts for Ball State students and employees. The breached server holds more than 2,000 accounts, Proudfoot said.
Most had their content was replaced with a page that said "You've been hacked."
A representative from University Computing Services said the server was backed up two hours before the intrusion and almost all data should be restored.
Six accounts contained social security numbers, Proudfoot said.
Most were students who posted their own. One was a university employee who posted his or her own and that of a family member not affiliated with the university.
Proudfoot said posting social security numbers violates the iWeb terms of use, but that no confidential university information was accessed.
All eight iWeb servers were taken down while UCS reviews their security and looks for other personal information.
Read More
Three Air Jam teams take home the win
October 12, 2012Nineteen teams shimmied, shook and flipped for a sold out John R. Emens Auditorium on Thursday night during the 25th annual Air Jam.
Bill Clinton Speaks at North Central High School
October 12, 2012Former President's Speech Could Have Effect on State Senate Race
